Developers Documentation

×

Warning

0 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


TCP timestamp response

'The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps.'

ClearCenter response

ClearCenter is currently investigating this claim.

Short response

TCP timestamps are an integral part of the reliability of the TCP network stack. Disabling timestamps can cause increased load on a system to ensure reliability and is often incompatible with systems such as NAT. Unless this is a hard requirement and the stakeholders understand the downsides, we recommend leaving timestamps alone.

Long response

TCP timestamps are an integral part of the reliability of the TCP network stack. As detailed in RCF1323, TCP timestamps are designed to “improve performance over large bandwidth*delay product paths and to provide reliable operation over very high-speed paths”. Most connections these days fall under the 'high-speed' paradigm. Disabling timestamps can cause increased load on a system to ensure reliability and is often incompatible with systems such as NAT. If the target system is involved with providing NAT or would ever be used behind NAT, TCP timestamps should NOT be used. Unless this is a hard requirement and the stakeholders understand the downsides, we recommend leaving timestamps parameter alone.

Resolution

As mentioned, ClearCenter recommends against disabling TCP timestamps. If you have to do it here are following are the steps that you must take.

We do NOT recommend disabling TCP timestamps. Please review the entirety of the document before proceeding with disabling TCP timestamps.

To activate immediately, run:

sysctl net.ipv4.tcp_timestamps=0

To make this change persistent on reboots, follow the guide appropriate to your OS below.

ClearOS 7

Modify the following file:

/etc/sysctl.d/timestamp-disable.conf

Add the following line

sysctl net.ipv4.tcp_timestamps=0

ClearOS 7

Modify the following file:

/etc/sysctl.conf

Add the following line to the end of the file:

sysctl net.ipv4.tcp_timestamps=0
content/en_us/kb_3rdparty_rapid_7_tcp_timestamp_response.txt · Last modified: 2018/10/02 14:40 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Akb_3rdparty_rapid_7_tcp_timestamp_response&1569165152