[ntp:questions] Re: Fingerprinting hosts by clock skew

David L. Mills mills at udel.edu
Fri Mar 11 02:28:41 UTC 2005


Not in the Alpha. I took great pains in the Alpha OSF-1 nanokernel to 
derive all system timing from the same software clock. Everything in the 
machine runs off the same clock, so TCP sees the same clock as NTP. I 
was worried about exactly your concern. I haven't checked the FreeBSD 
kernel; it might do the same thing.


Brad Knowles wrote:

> At 6:26 PM +0100 2005-03-09, Mxsmanic wrote:
>>  Why not just build hardware RTCs that allow for extremely fine
>>  adjustments via software?  NTP could calculate the correct adjustment,
>>  then program the RTC hardware directly, ultimately producing an
>>  extraordinarily accurate hardware clock.  A clock synchronized in this
>>  way would also eliminate fingerprinting by clock skew, since the skew
>>  would soon fall to zero.
>     It's not necessary.  Running NTP with current hardware is enough to 
> eliminate the ability to apply active attacks using the mechanisms 
> shown.  The problem is that passive and semi-active attacks are still 
> possible, because the clock skew corrections applied to the system clock 
> are not also applied to the TCP/IP clock, and you can still measure and 
> fingerprint the TCP clock skew.

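The thread turns on whether the TCP timestamp counter follows the NTP-disciplined system clock. The sketch below is an added example, not part of the original messages: it estimates the skew of a timestamp counter from (observer time, TSval) pairs so you can check this on your own host. The samples are constructed, the 1000 Hz tick rate and 5 ppm tolerance are assumptions, and a plain least-squares fit is used for simplicity.

```python
import random

def make_samples(skew_ppm, hz=1000, n=600, interval=1.0, jitter=0.002, seed=1):
    """Constructed (observer_time_s, tsval) pairs for a sender whose TCP
    timestamp counter runs skew_ppm fast relative to the observer's clock."""
    rng = random.Random(seed)
    samples = []
    for i in range(n):
        t_true = i * interval
        # Sender's tick counter, truncated to whole ticks as on the wire.
        tsval = int(t_true * (1 + skew_ppm * 1e-6) * hz)
        # Observer stamps arrival after a small, variable network delay.
        t_obs = t_true + rng.uniform(0, jitter)
        samples.append((t_obs, tsval))
    return samples

def estimate_skew_ppm(samples, hz=1000):
    """Least-squares slope of (sender elapsed - observer elapsed) against
    observer elapsed time, expressed in parts per million."""
    t0, ts0 = samples[0]
    xs = [t - t0 for t, _ in samples]
    ys = [(ts - ts0) / hz - x for (_, ts), x in zip(samples, xs)]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6

def shares_disciplined_clock(samples, hz=1000, tolerance_ppm=5.0):
    """True if the timestamp counter tracks the observer's (NTP-synced)
    clock closely enough that no stable skew stands out."""
    return abs(estimate_skew_ppm(samples, hz)) <= tolerance_ppm

if __name__ == "__main__":
    # Case 1: timestamps derived from the disciplined clock (skew near 0).
    # Case 2: timestamps from a free-running counter 50 ppm fast.
    for label, skew in (("disciplined", 0.0), ("free-running", 50.0)):
        s = make_samples(skew)
        print(f"{label:13s} estimated skew = {estimate_skew_ppm(s):7.2f} ppm, "
              f"tracks system clock: {shares_disciplined_clock(s)}")
```

A counter derived from the disciplined clock, as described for the Alpha nanokernel, shows a slope near zero; a free-running counter keeps its oscillator's skew even while NTP holds the system clock on time.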