Forum Discussion

Hamza's avatar
Hamza
Icon for Cirrus rankCirrus
Jan 19, 2023

Impact of disabling TCP Timestamp in TCP and fasl4 profile

Hello,

We have conduction a recent PCI scan which identified TCP timestamp as a risk.

I would like to know the impact of disabling tcp timestamp in tcp and fastl4 profiles for clinet and sever side.

Thanks

 

  • Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.

  • Totally aggre with Paulius. TCP timestamps exist for a reason, and disabling them might degrade performance in a way that would be much more harmful  than some exploit that would use those timestamps.

    Your risk assessment probably said something like "low risk" but didn't provide much more information, right? Well, the truth is you can't exploit timestamps directly, but they can be used to gather a little more information on a possible target, like operating system or uptime. Keep your systems patched for high/medium security risks and you won't have to worry about this kind of thing.

    Here are some useful links:

    https://www.ietf.org/rfc/rfc1323.txt

    https://raxis.com/blog/2018/06/04/goodies-for-hoodies-tcp-timestamps

    https://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp

    https://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp/

    /Mike

  • Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.

  • Gajji's avatar
    Gajji
    Icon for Cirrostratus rankCirrostratus

    It have a few impacts on both the client and server side. 

    1)it may affect the accuracy of RTT measurements, which can be used by TCP to adjust its congestion 

    control algorithms. 

    2)Another impact is that it can help in avoiding information leakage through the timestamp

     fields which could be used for tracking or fingerprinting the systems.

  • Hello Gajji Mike757 Paulius,

    Thank you.

    I have a another question please, can i disable tcp timestamp in communication between Admin user and interface of management?

     

    • Gajji's avatar
      Gajji
      Icon for Cirrostratus rankCirrostratus

      Yes, it is possible to disable TCP timestamp .It help improve security by making it more difficult for attackers to perform certain types of attacks, such as TCP sequence prediction.

      Also important to note :

       that disabling TCP timestamp may cause some performance issues, particularly for applications that rely on precise timing. Therefore, it is important to thoroughly test the impact of disabling TCP timestamp before making this change in a production environment.