Bruce Klein wrote:
> How does this compare with [Prs2002] Clock Deviation/Skew as a
> Forensics/Tracking Tool research done by Tadayoshi Kohno.
>
> http://www.cse.ucsd.edu/users/tkohno/
>
>
> Bruce Klein
> iovation, Inc.
>
Hello Bruce,
I think the way he took the problem is much simpler than in this paper
(and it gathers less informations about the hosts, too). The technique
is described in this paper from Bret Mc Danel :
http://www.0xdecafbad.com/TCP-Timestamping-Obtaining-System-Uptime-Remot
ely.html,
who was kind enough to point us to it (we need to update the paper to
give him the credit he deserves), the paper & tool use the statistical
differences between the timestamps to separate services behind a
screening router doing NAT, allowing network mapping behind a firewall,
not fingerprinting of a single computer.
> How does this compare with [Prs2002] Clock Deviation/Skew as a
> Forensics/Tracking Tool research done by Tadayoshi Kohno.
>
> http://www.cse.ucsd.edu/users/tkohno/
>
>
> Bruce Klein
> iovation, Inc.
>
Hello Bruce,
I think the way he took the problem is much simpler than in this paper
(and it gathers less informations about the hosts, too). The technique
is described in this paper from Bret Mc Danel :
http://www.0xdecafbad.com/TCP-Timestamping-Obtaining-System-Uptime-Remot
ely.html,
who was kind enough to point us to it (we need to update the paper to
give him the credit he deserves), the paper & tool use the statistical
differences between the timestamps to separate services behind a
screening router doing NAT, allowing network mapping behind a firewall,
not fingerprinting of a single computer.
Erwan
[ reply ]