Re: php / phplib session-id generation

From: Jose Nazario (joseat_private)
Date: Thu Jul 05 2001 - 08:18:13 PDT


    On Thu, 5 Jul 2001, Jarno Huuskonen wrote:
    
    > What methods could attacker use to determine the time on the server ?
    > Use ntp if the server has ntp-server... What about tcp-timestamps
    > could they be used for determining the time ?
    
    no need to even go that far. just look (manually) through your HTTP return
    headers:
    
    $ telnet localhost 80
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    head / http/1.0
    
    HTTP/1.1 501 Method Not Implemented
    Date: Thu, 05 Jul 2001 15:16:04 GMT
    
    [snip]
    
    :) now you know the time and the delta from you down to the second.
    
    you know the rest. it turns out that the method commonly employed by PHP
    apps for 'random filenames' isn't so random after all (MD5 of user
    supplied input concatenated with the time, ie a hash of a known with
    something deterministic).
    
    ____________________________
    jose nazario						     joseat_private
    	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
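
The scheme described in the message above, measured from the defender's side. This is an added example, not part of the original post and not PHP or PHPLIB code: it is written in Python, and the function names, the file name `upload.jpg` and the ±5 second clock window are assumptions made for illustration.

```python
import hashlib
import math
import secrets
from email.utils import parsedate_to_datetime


def weak_token(user_input: str, now: int) -> str:
    """Scheme from the message: MD5(user-supplied input + server time in seconds)."""
    return hashlib.md5(f"{user_input}{now}".encode()).hexdigest()


def server_epoch(date_header: str) -> int:
    """Server clock as disclosed by the HTTP Date response header."""
    return int(parsedate_to_datetime(date_header).timestamp())


def audit_token(token: str, user_input: str, date_header: str, skew: int = 5):
    """Count the timestamps tried before the token is reproduced.

    Returns the number of candidates checked, or None if the token does not
    depend only on (user_input, time) within +/- skew seconds.
    """
    base = server_epoch(date_header)
    offsets = sorted(range(-skew, skew + 1), key=abs)  # 0, -1, 1, -2, 2, ...
    for tried, offset in enumerate(offsets, start=1):
        if weak_token(user_input, base + offset) == token:
            return tried
    return None


def effective_bits(skew: int) -> float:
    """Unpredictability left in the weak scheme once the Date header is known."""
    return math.log2(2 * skew + 1)


def strong_token() -> str:
    """Replacement: 128 bits from the OS CSPRNG, independent of time and input."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    date = "Thu, 05 Jul 2001 15:16:04 GMT"   # header shown in the message
    issued = weak_token("upload.jpg", server_epoch(date) + 2)  # constructed sample
    print("weak token reproduced after", audit_token(issued, "upload.jpg", date), "tries")
    print("bits of unpredictability: %.2f" % effective_bits(5))
    print("CSPRNG token reproduced:", audit_token(strong_token(), "upload.jpg", date))
```

The 128-bit MD5 output hides the fact that only the timestamp varies: with the Date header visible, fewer than four bits of the token are unknown, while the `secrets`-based token is unaffected by knowledge of the clock.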
    


