Forum Discussion
Impact of disabling TCP Timestamp in TCP and fasl4 profile
Hello,
We have conduction a recent PCI scan which identified TCP timestamp as a risk.
I would like to know the impact of disabling tcp timestamp in tcp and fastl4 profiles for clinet and sever side.
Thanks
Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.
Totally aggre with Paulius. TCP timestamps exist for a reason, and disabling them might degrade performance in a way that would be much more harmful than some exploit that would use those timestamps.
Your risk assessment probably said something like "low risk" but didn't provide much more information, right? Well, the truth is you can't exploit timestamps directly, but they can be used to gather a little more information on a possible target, like operating system or uptime. Keep your systems patched for high/medium security risks and you won't have to worry about this kind of thing.
Here are some useful links:
https://www.ietf.org/rfc/rfc1323.txt
https://raxis.com/blog/2018/06/04/goodies-for-hoodies-tcp-timestamps
https://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp
https://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp/
/Mike
Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.
- GajjiCirrostratus
It have a few impacts on both the client and server side.
1)it may affect the accuracy of RTT measurements, which can be used by TCP to adjust its congestion
control algorithms.
2)Another impact is that it can help in avoiding information leakage through the timestamp
fields which could be used for tracking or fingerprinting the systems.
- HamzaCirrus
- GajjiCirrostratus
Yes, it is possible to disable TCP timestamp .It help improve security by making it more difficult for attackers to perform certain types of attacks, such as TCP sequence prediction.
Also important to note :
that disabling TCP timestamp may cause some performance issues, particularly for applications that rely on precise timing. Therefore, it is important to thoroughly test the impact of disabling TCP timestamp before making this change in a production environment.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com