[ntp:questions] Re: Fingerprinting hosts by clock skew
David L. Mills
mills at udel.edu
Fri Mar 11 02:28:41 UTC 2005
Not in the Alpha. I took great pains in the Alpha OSF-1 nanokernel to
derive all system timing from the same software clock. Everything in the
machine runs off the same clock, so TCP sees the same clock as NTP. I
was worried about exactly your concern. I haven't checked the FreeBSD
kernel; it might do the same thing.
Brad Knowles wrote:
> At 6:26 PM +0100 2005-03-09, Mxsmanic wrote:
>> Why not just build hardware RTCs that allow for extremely fine
>> adjustments via software? NTP could calculate the correct adjustment,
>> then program the RTC hardware directly, ultimately producing an
>> extraordinarily accurate hardware clock. A clock synchronized in this
>> way would also eliminate fingerprinting by clock skew, since the skew
>> would soon fall to zero.
> It's not necessary. Running NTP with current hardware is enough to
> eliminate the ability to apply active attacks using the mechanisms
> shown. The problem is that passive and semi-active attacks are still
> possible, because the clock skew corrections applied to the system clock
> are not also applied to the TCP/IP clock, and you can still measure and
> fingerprint the TCP clock skew.
More information about the questions