[>Htech] Tracking a Specific Machine Anywhere On The Net (fwd from eugen@leitl.org)
----- Forwarded message from Eugen Leitl <eugen@leitl.org> -----
Hi,

After looking at RFC1323 below

http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1323.html#sec-4

the only reasonable option is to use the time old pseudorandom numbers for TCP sequence numbers in the TCP/IP stack. Another option would be to synchronize the client with NTP but that wouldn't work either. Say that the client clock can be updated every one millisecond. However the minimum network delay between the time server and the client is usually 300 ms to 800 ms. During this period a large number of outbound packets are sent from the client depending on the speed at which the client is blasting away. There are plenty of packets to analyze for the attacker to determine the skew.

Sarad.

--- Eugen Leitl <eugen@leitl.org> wrote:
----- Forwarded message from Eugen Leitl <eugen@leitl.org> -----
From: Eugen Leitl <eugen@leitl.org>
Date: Fri, 4 Mar 2005 18:28:27 +0100
To: transhumantech@yahoogroups.com
Subject: [>Htech] Tracking a Specific Machine Anywhere On The Net
User-Agent: Mutt/1.4i
Reply-To: transhumantech@yahoogroups.com
Link: http://slashdot.org/article.pl?sid=05/03/04/1355253
Posted by: Zonk, on 2005-03-04 16:45:00
from the not-the-sandra-bullock-movie dept.

An anonymous reader writes "An article on ZDNet Australia tells of a new technique developed at CAIDA that involves using the individual machine's clock skew to [1]fingerprint it anywhere on the net." Possible uses of the technique include "tracking, with some probability, a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts (for example, as part of a virtual honeynet), and unanonymising anonymised network traces."
References
1. http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
----- End forwarded message -----
How to track a PC anywhere it connects to the Net
Renai LeMay, ZDNet Australia
March 04, 2005
URL: http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
Perhaps I'm missing something, but doesn't the use of a proxy strip off information essential to this exploit? If so, only newbies and lusers will be ID'd.

Steve
participants (3)
- Eugen Leitl
- Sarad AV
- Steve Schear