Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Impact of disabling TCP Timestamp in TCP and fasl4 profile

Go to solution
Hamza
Cirrus
Cirrus

‎19-Jan-2023 08:24

Hello,

We have conduction a recent PCI scan which identified TCP timestamp as a risk.

I would like to know the impact of disabling tcp timestamp in tcp and fastl4 profiles for clinet and sever side.

Thanks

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Paulius
MVP
MVP

‎19-Jan-2023 11:23 - edited ‎19-Jan-2023 11:26

@Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.

View solution in original post

5 REPLIES 5

Go to solution
Paulius
MVP
MVP

‎19-Jan-2023 11:23 - edited ‎19-Jan-2023 11:26

@Hamza from my understanding this would make it so if you were looking at a tcpdump you wouldn't be able to accurately record the round trip time for communication back and forth as well as anything that uses the timestamp to adjust the receive window or transmit buffer.

Go to solution
Mike757
MVP
MVP

‎23-Jan-2023 02:04

Totally aggre with Paulius. TCP timestamps exist for a reason, and disabling them might degrade performance in a way that would be much more harmful  than some exploit that would use those timestamps.

Your risk assessment probably said something like "low risk" but didn't provide much more information, right? Well, the truth is you can't exploit timestamps directly, but they can be used to gather a little more information on a possible target, like operating system or uptime. Keep your systems patched for high/medium security risks and you won't have to worry about this kind of thing.

Here are some useful links:

https://www.ietf.org/rfc/rfc1323.txt

https://raxis.com/blog/2018/06/04/goodies-for-hoodies-tcp-timestamps

https://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp

https://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp/

/Mike

Go to solution
Gajji
Cirrostratus
Cirrostratus

‎24-Jan-2023 21:41

It have a few impacts on both the client and server side. 

1)it may affect the accuracy of RTT measurements, which can be used by TCP to adjust its congestion 

control algorithms. 

2)Another impact is that it can help in avoiding information leakage through the timestamp

 fields which could be used for tracking or fingerprinting the systems.

0 Kudos

Go to solution
Hamza
Cirrus
Cirrus

‎26-Jan-2023 01:33

Hello @Gajji @Mike757 @Paulius,

Thank you.

I have a another question please, can i disable tcp timestamp in communication between Admin user and interface of management?

 

0 Kudos

Go to solution
Gajji
Cirrostratus
Cirrostratus
In response to Hamza

‎11-Apr-2023 00:39

Yes, it is possible to disable TCP timestamp .It help improve security by making it more difficult for attackers to perform certain types of attacks, such as TCP sequence prediction.

Also important to note :

 that disabling TCP timestamp may cause some performance issues, particularly for applications that rely on precise timing. Therefore, it is important to thoroughly test the impact of disabling TCP timestamp before making this change in a production environment.

0 Kudos
Copyright © 2023 Khoros, LLC