Dear fellow SwiNOGers,
In the last few months we had several security audits and all of
them proposed to disable TCP timestamps (i.e. on Linux
net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in TCP
relies on this and there might be implications for PAWS (TCP
sequence number wrapping).
What do you guys think about this?
Regards
André
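
The PAWS concern raised in this message, as an added example that is not part of the original post: a simplified receive-side check in the style of RFC 7323, showing that a delayed duplicate from before a sequence-number wrap passes the plain window test and is only caught by the timestamp comparison. The receiver state, segment values and function names are constructed for illustration, and the rule that invalidates TS.Recent after 24 days of idle time is omitted.

```python
# Added illustration (not from the original post): simplified receive-side
# acceptance checks in the style of RFC 7323. All values are constructed.
MOD = 1 << 32  # TCP sequence numbers and timestamp values are 32-bit


def seconds_to_wrap(bits_per_second):
    """Time needed to send 2**32 bytes, after which sequence numbers repeat."""
    return MOD * 8 / bits_per_second


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """Classic test: RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND (mod 2**32)."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def paws_reject(tsval, ts_recent):
    """PAWS: reject when SEG.TSval is older than TS.Recent (modular compare)."""
    return 0 < (ts_recent - tsval) % MOD < MOD // 2


def accept(seg, rcv_nxt, rcv_wnd, ts_recent, timestamps_enabled):
    """Return True if the segment would be accepted by the receiver."""
    if timestamps_enabled and paws_reject(seg["tsval"], ts_recent):
        return False
    return seq_in_window(seg["seq"], rcv_nxt, rcv_wnd)


# Constructed receiver state: the sequence space has already wrapped once.
RCV_NXT, RCV_WND, TS_RECENT = 1000, 65535, 500_000
# Delayed duplicate sent before the wrap: in-window seq, but an old timestamp.
OLD_DUP = {"seq": 1200, "tsval": 100_000}
# Current in-order segment.
FRESH = {"seq": 1000, "tsval": 500_010}

if __name__ == "__main__":
    for rate in (1e9, 10e9, 100e9):
        print(f"{rate / 1e9:>5.0f} Gbit/s: sequence space wraps in "
              f"{seconds_to_wrap(rate):.2f} s")
    for enabled in (True, False):
        print(f"tcp_timestamps={int(enabled)}: old duplicate accepted =",
              accept(OLD_DUP, RCV_NXT, RCV_WND, TS_RECENT, enabled))
```

The wrap times printed first indicate at which link speeds a delayed duplicate can plausibly still be in flight when its sequence number comes around again.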