[ntp:questions] Re: Fingerprinting hosts by clock skew
Mxsmanic
mxsmanic at hotmail.com
Thu Mar 10 09:34:24 UTC 2005
Brad Knowles writes:
> It's not necessary. Running NTP with current hardware is enough
> to eliminate the ability to apply active attacks using the mechanisms
> shown. The problem is that passive and semi-active attacks are still
> possible, because the clock skew corrections applied to the system
> clock are not also applied to the TCP/IP clock, and you can still
> measure and fingerprint the TCP clock skew.
But if you applied the corrections directly to the clock hardware, then
anything using the hardware clock would incorporate those corrections,
including TCP/IP clocks ... right?
--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.
More information about the questions
mailing list