NMAP correctly guesses uptime
Posted: Wed Apr 09, 2003 10:07 am
I've just run NMAP(Win) against a server with grsec 1.9.9e and it manages to work out the uptime. Apparently it does this by looking at the TCP timestamp.
I don't really see how a remote attacker could exploit that information, but I was wondering if grsec could have some feature to prevent this.
Perhaps setting the timestamp to a random value at boot time?
It also correctly guessed the OS as "linux 2.4.0 - 2.5.20" - whereas it was unable to guess on a similar server with grsec 1.9.7d. Has something changed or have I misconfigured it?
Phil Skuse.
I don't really see how a remote attacker could exploit that information, but I was wondering if grsec could have some feature to prevent this.
Perhaps setting the timestamp to a random value at boot time?
It also correctly guessed the OS as "linux 2.4.0 - 2.5.20" - whereas it was unable to guess on a similar server with grsec 1.9.7d. Has something changed or have I misconfigured it?
Phil Skuse.