
NMAP correctly guesses uptime

Posted: Wed Apr 09, 2003 10:07 am
by PhilSkuse
I've just run NMAP(Win) against a server with grsec 1.9.9e and it manages to work out the uptime. Apparently it does this by looking at the TCP timestamp.

I don't really see how a remote attacker could exploit that information, but I was wondering if grsec could have some feature to prevent this.

Perhaps setting the timestamp to a random value at boot time?

It also correctly guessed the OS as "linux 2.4.0 - 2.5.20" - whereas it was unable to guess on a similar server with grsec 1.9.7d. Has something changed or have I misconfigured it?

Phil Skuse.

Posted: Wed Apr 09, 2003 10:41 am
by PhilSkuse
To answer my own question:

echo 0 > /proc/sys/net/ipv4/tcp_timestamps

I am surprised that this isn't the default.

Phil Skuse.
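
Writing to /proc/sys changes only the running kernel, so the setting is lost at reboot unless it is also in the sysctl configuration. The script below is an added example, not part of the original posts: it compares the runtime value with the last value set in /etc/sysctl.d/*.conf and /etc/sysctl.conf. The function names, the ROOT prefix argument and the sample tree are assumptions made for illustration, and only files under /etc are read.

```shell
#!/bin/sh
# Added example: audit net.ipv4.tcp_timestamps at runtime and in boot config.
# ROOT is a hypothetical prefix so the check can run on a constructed tree;
# leave it empty to audit the live system.

# Print the last value assigned to net.ipv4.tcp_timestamps in the sysctl
# files under $1 (sysctl.d first, sysctl.conf last), or nothing if unset.
persisted_tcp_ts() {
    for f in "$1"/etc/sysctl.d/*.conf "$1/etc/sysctl.conf"; do
        if [ -f "$f" ]; then cat "$f"; fi
    done |
    sed -n 's/^[[:space:]]*net\.ipv4\.tcp_timestamps[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
    tail -n 1
}

# Report one of:
#   EXPOSED   - timestamps are enabled right now
#   TEMPORARY - disabled right now, but boot config does not keep them off
#   HARDENED  - disabled right now and in boot config
tcp_ts_audit() {
    root=${1:-}
    runtime=$(cat "$root/proc/sys/net/ipv4/tcp_timestamps" 2>/dev/null || echo unknown)
    boot=$(persisted_tcp_ts "$root")
    if [ "$runtime" != 0 ]; then
        echo "EXPOSED: runtime=$runtime"
    elif [ "$boot" != 0 ]; then
        echo "TEMPORARY: runtime=0 boot=${boot:-unset}"
    else
        echo "HARDENED: runtime=0 boot=0"
    fi
}

# Constructed sample tree: timestamps were switched off with echo, but the
# only boot-time setting turns them back on.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/sys/net/ipv4" "$d/etc/sysctl.d"
    echo 0 > "$d/proc/sys/net/ipv4/tcp_timestamps"
    echo "net.ipv4.tcp_timestamps = 1" > "$d/etc/sysctl.conf"
    echo "$d"
}

sample=$(make_sample)
tcp_ts_audit "$sample"    # → TEMPORARY: runtime=0 boot=1
rm -rf "$sample"
```

Run `tcp_ts_audit` with no argument to check the live system; a TEMPORARY result means `net.ipv4.tcp_timestamps = 0` still needs to be added to the sysctl configuration.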