|
Nmap Development
mailing list archives
Re: Uptime estimates and TCP timestamp offsets
From: "Michael Pattrick" <snownet () gmail com>
Date: Mon, 18 Aug 2008 21:36:25 -0400
On Mon, Aug 18, 2008 at 8:02 PM, David Fifield <david () bamsoftware com> wrote:
-snip-
I scanned a Mac OS X 10.5.4 machine moments after booting it up. I
repeated the experiment four times, rebooting each time. I got
Ignoring claimed uptime of 1219 days
Ignoring claimed uptime of 1181 days
Uptime: 644.073 days
Ignoring claimed uptime of 871 days
With the Debian Lenny kernel, I get:
Uptime: 198.840 days (since Sat Feb 02 00:01:06 2008)
Uptime: 199.637 days (since Fri Feb 01 04:55:34 2008)
Uptime: 199.637 days (since Fri Feb 01 04:57:27 2008)
Uptime: 198.838 days (since Sat Feb 02 00:10:15 2008)
The real uptime should be less then one day, so something is clearly
wrong. Assuming all major Linux, BSD, OSX, and Windows OS's randomize
this then Nmap shouldn't include the information or should warn the
user about how inaccurate it is.
However, it could be that Windows, a version of BSD, or some other
major OS doesn't currently randomize this. In this hypothetical case
OS detection could be used to determine if the uptime is good or not
and display it based on that - defaulting to not display it. Though
this may be difficult to code and error prone.
Cheers,
Michael
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
|
Intro
