[ntp:questions] Re: Fingerprinting hosts by clock skew

Brad Knowles brad at stop.mail-abuse.org
Thu Mar 10 22:15:31 UTC 2005


At 5:57 PM +0100 2005-03-10, Mxsmanic wrote:

>  It must reference some sort of clock keeping real time, if it is
>  supposed to be linked to actual elapsed time.  If not, it's a complete
>  simulation, and I'm not even sure what purpose it serves in that case
>  (?).

	So far as I can tell, it is not linked to any other clock on the 
system.  The point of the fingerprinting technique is that it doesn't 
matter where the clock comes from, nor does it matter how accurate it 
is, so long as it is predictable.

>  In any case, UNIX does not include this information, anyway, right?  (Or
>  is it Windows that doesn't include it?)

	So far as I know, this feature is found in all known 
implementations of TCP/IP.  I don't know if this is a requirement of 
the IP protocol, or if it is a side-effect of the implementations.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



More information about the questions mailing list