Forum Discussion

Hamza's avatar
Hamza
Icon for Cirrus rankCirrus
Jan 19, 2023

Impact of disabling TCP Timestamp in TCP and fasl4 profile

Hello, We have conduction a recent PCI scan which identified TCP timestamp as a risk. I would like to know the impact of disabling tcp timestamp in tcp and fastl4 profiles for clinet and sever side...
security
  • Paulius's avatar
    Paulius
    Jan 19, 2023

    Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.

Mike757's avatar
Mike757
Icon for MVP rankMVP
Jan 23, 2023

Totally aggre with Paulius. TCP timestamps exist for a reason, and disabling them might degrade performance in a way that would be much more harmful  than some exploit that would use those timestamps.

Your risk assessment probably said something like "low risk" but didn't provide much more information, right? Well, the truth is you can't exploit timestamps directly, but they can be used to gather a little more information on a possible target, like operating system or uptime. Keep your systems patched for high/medium security risks and you won't have to worry about this kind of thing.

Here are some useful links:

https://www.ietf.org/rfc/rfc1323.txt

https://raxis.com/blog/2018/06/04/goodies-for-hoodies-tcp-timestamps

https://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp

https://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp/

/Mike