[ntp:questions] Re: Fingerprinting hosts by clock skew

Mxsmanic mxsmanic at hotmail.com
Thu Mar 10 09:34:24 UTC 2005

Brad Knowles writes:

> It's not necessary.  Running NTP with current hardware is enough 
> to eliminate the ability to apply active attacks using the mechanisms 
> shown.  The problem is that passive and semi-active attacks are still 
> possible, because the clock skew corrections applied to the system 
> clock are not also applied to the TCP/IP clock, and you can still 
> measure and fingerprint the TCP clock skew.

But if you applied the corrections directly to the clock hardware, then
anything using the hardware clock would incorporate those corrections,
including TCP/IP clocks ... right?

Transpose hotmail and mxsmanic in my e-mail address to reach me directly.

More information about the questions mailing list