Dear André
Ignore this crap. Really.
We do 1-2 external security audits per year and I’ve seen incredible crap in those reports. My favorites are things like “Hostname mail.domain.com suggests this is a mail server. Consider changing it to something not so obvious.” and a few lines further down: “Detected open port 25 on server mail.domain.com. Attackers could abuse this knowledge. Consider changing the port to something else”, etc.. The worst I ever encountered was that in the report they were complaining, that there’s a firewall in place that blocks ports and/or certain ICMP types... :-O
During the last few years I’ve learned, that these things are more or less unchanged output copy/pastes from automated hacking tools. If an audit company does not filter out such crap, you might as well consider changing your provider.
One more: “Server with IP x.x.x.x with DNS name www.domain.com http://www.domain.com responds to Port 80” (not mentioning, that the only answer from Port 80 is a redirect to the respective https website).
If you need some recommendations, contact me off-list.
Kind regards,
Viktor
Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Andre Keller Gesendet: Donnerstag, 10. März 2016 17:12 An: swinog@lists.swinog.ch Betreff: [swinog] TCP timestamps
Dear fellow SwiNOGers,
in the last few months we had several security audits and all of them proposed to disable tcp timestamps. (i.e. on Linux net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp relies on this and there might be implications for PAWS (tcp sequence number wrapping).
What do you guys think about this?
Regards André