This is a plugin I had wanted to write for a long time, but unixtime() has only just become available. A few observations .... (a) Some Cisco products seem to set the top bit in the first byte of the response to the ICMP timestamp query. (b) Could the actual time of day (local and remote) be reported in the results. (c) In other areas, scripts only check one thing. This would mean that each route for recovering the remote time should be a separate script. (d) The HTTP test may need to test both 80 and 443 as they could return different results. So this become a general test on all web server ports. (e) The SMTP banner often includes the date and time. Dennis. ----- Original Message ----- From: "Martin O'Neal" <martin.oneal@private> Sent: 24/09/2004 14:59:50 Subject: RE: [Plugins-writers] Unsynchronised clock detection > > > The current code actually checks for 3 drifts : one in ICMP, one in > > NTP and one in HTTP. It's a safe bet to assume that the remote host > > is constistent with itself, and exit after the first answer we get > > (ie: if the ICMP timestamp is correct, exit right away instead of > > trying NTP and HTTP). > > The first incarnation was like this, but got rewritten because it is not > that unusual to have a single IP address which is assigned to a > firewall/NAT host protecting multiple web servers on different ports. > This would mean that there might be multiple real hosts (and stray > clocks) behind a single address; the test results then have interesting > implications... > > Martin... > _______________________________________________ > Plugins-writers mailing list > Plugins-writers@private > http://mail.nessus.org/mailman/listinfo/plugins-writers > _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Sep 24 2004 - 08:00:15 PDT