[ntp:questions] Re: Fingerprinting hosts by clock skew

Brad Knowles brad at stop.mail-abuse.org
Wed Mar 9 10:15:32 UTC 2005

At 8:07 PM -0800 2005-03-08, Michael Deutschmann wrote:

>  If you really can take millidegree accurate readings of temperature via the
>  drift, that would imply that nearly all the noise in the drift is from heat,
>  and the above approach could make a large improvement.  Of course someone
>  would have to work out how to integrate it sanely into the rest of the NTP
>  algorithms...

	As far as the paper is concerned, that's totally irrelevant.  The 
system clock skew correction is not being applied to the TCP/IP clock 
skew, so even if the server is running NTP and you're not vulnerable 
to active attacks, you are still vulnerable to passive and 
semi-active attacks.

	Try reading the paper again.

	In the meanwhile, I'm trying to get people in the various 
different "free" OS camps to fix their network stacks so that if the 
server is running NTP, then the clock skew corrections are applied to 
both places, and this should make you relatively immune to even 
passive and semi-active attacks.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the questions mailing list