[ntp:questions] Re: Fingerprinting hosts by clock skew
David L. Mills
mills at udel.edu
Sat Mar 5 01:28:57 UTC 2005
It doesn't work for a NTP-synchronized machine if the perp can't find
the frequency correction determined by the protocol.
However, the most useful property of the clock frequency is to track
systematic changes, which serves as a quite accurate thermometer. I have
on occasion discovered a failed machine room A/C, a failed motherboard
fan, a window left open on a cold night; the list goes on. With a
sensitivity of about one degree per PPM and a frequency resolution of
.001 PPM in the frequency displays, we are talking about millidegrees here.
We have NTP-synchronized machines in campus buildings running the bells
that toll every fifteen minutes (MIDI plus PA system). I have proposed a
campus personal navigation system using the bell tones and DECCA
navigation technology. It could use Doppler to determine personal
velocity as well. I should add to that proposal using NTP frequency to
reveal outdoor temperature if the IT staff would put the computer
outside the building in a doghouse on the roof.
Kenneth Porter wrote:
> Interesting research reported on SlashDot:
> Tracking a Specific Machine Anywhere On The Net
> Remote physical device fingerprinting
More information about the questions