Forum Discussion
Hamza
Cirrus
CirrusImpact of disabling TCP Timestamp in TCP and fasl4 profile
Hello,
We have conduction a recent PCI scan which identified TCP timestamp as a risk.
I would like to know the impact of disabling tcp timestamp in tcp and fastl4 profiles for clinet and sever side.
Thanks
- Mike757
MVP
Totally aggre with Paulius. TCP timestamps exist for a reason, and disabling them might degrade performance in a way that would be much more harmful than some exploit that would use those timestamps.
Your risk assessment probably said something like "low risk" but didn't provide much more information, right? Well, the truth is you can't exploit timestamps directly, but they can be used to gather a little more information on a possible target, like operating system or uptime. Keep your systems patched for high/medium security risks and you won't have to worry about this kind of thing.
Here are some useful links:
https://www.ietf.org/rfc/rfc1323.txt
https://raxis.com/blog/2018/06/04/goodies-for-hoodies-tcp-timestamps
https://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp
https://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp/
/Mike
GajjiCirrostratus
It have a few impacts on both the client and server side.
1)it may affect the accuracy of RTT measurements, which can be used by TCP to adjust its congestion
control algorithms.
2)Another impact is that it can help in avoiding information leakage through the timestamp
fields which could be used for tracking or fingerprinting the systems.
- Gajji
Yes, it is possible to disable TCP timestamp .It help improve security by making it more difficult for attackers to perform certain types of attacks, such as TCP sequence prediction.
Also important to note :
that disabling TCP timestamp may cause some performance issues, particularly for applications that rely on precise timing. Therefore, it is important to thoroughly test the impact of disabling TCP timestamp before making this change in a production environment.
