On 2016-03-10 17:12, Andre Keller wrote:
> Dear fellow SwiNOGers,
> in the last few months we had several security audits and all of them proposed to disable tcp timestamps.

Did they also state why? :)

> (i.e. on Linux net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp relies on this and there might be implications for PAWS (tcp sequence number wrapping).

You might want to read up on: http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdf

> What do you guys think about this?

It all depends on what you are "protecting" yourself from.
Think about it: if it was a huge security issue, it would be disabled by default ;)
It is primarily an obfuscation technique that primarily hides if you did upgrade your kernel recently...
Greets, Jeroen
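
An added example, not part of the original thread: a simplified C model of the PAWS check (RFC 7323) mentioned above, showing what a receiver gives up when timestamps are turned off. The struct, function names and segment values are constructed for illustration, and the RFC's RST exemption and idle-connection rule are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified receiver state; all names here are this example's own. */
struct rx_state {
    uint32_t rcv_nxt;    /* next sequence number expected */
    uint32_t rcv_wnd;    /* receive window size in bytes */
    bool ts_enabled;     /* timestamps negotiated (net.ipv4.tcp_timestamps=1) */
    uint32_t ts_recent;  /* most recent TSval accepted from the peer */
};

/* Sequence check: seq in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2^32. */
static bool in_window(const struct rx_state *s, uint32_t seq)
{
    return (uint32_t)(seq - s->rcv_nxt) < s->rcv_wnd;
}

/* PAWS: a TSval older than ts_recent (signed 32-bit distance) is rejected. */
static bool paws_reject(const struct rx_state *s, uint32_t tsval)
{
    return s->ts_enabled && (int32_t)(tsval - s->ts_recent) < 0;
}

static bool accept_segment(const struct rx_state *s, uint32_t seq, uint32_t tsval)
{
    return in_window(s, seq) && !paws_reject(s, tsval);
}

/* Constructed case: delayed duplicate from before the sequence wrap, old TSval. */
static bool stale_duplicate_accepted(bool ts_enabled)
{
    struct rx_state s = { 0x00001000u, 65535u, ts_enabled, 900000u };
    return accept_segment(&s, 0x00001400u, 100000u);
}

/* Constructed case: the TSval clock wrapped; numerically smaller, yet newer. */
static bool fresh_segment_after_ts_wrap_accepted(void)
{
    struct rx_state s = { 0xFFFFF000u, 65535u, true, 0xFFFFFFF0u };
    return accept_segment(&s, 0x00000100u, 0x00000010u);
}

int main(void)
{
    printf("timestamps off, stale duplicate accepted: %d\n", stale_duplicate_accepted(false));
    printf("timestamps on,  stale duplicate accepted: %d\n", stale_duplicate_accepted(true));
    printf("fresh segment after TSval wrap accepted:  %d\n", fresh_segment_after_ts_wrap_accepted());
}
```

With timestamps off, the sequence-number window is the only test, so the stale duplicate passes; with them on, the same segment is dropped.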