❦ 10 March 2016 17:12 +0100, Andre Keller <ak@list.ak.cx>:
In the last few months we had several security audits, and all of them proposed to disable TCP timestamps (i.e. on Linux net.ipv4.tcp_timestamps=0). AFAIK round-trip time calculation in TCP relies on this, and there might be implications for PAWS (TCP sequence number wrapping).
What do you guys think about this?
By disabling it, the effective bandwidth of the TCP connections may decrease quite a bit (much of RFC 7323 relies on timestamps), and you deprive yourself of some interesting workarounds when handling many connections (RFC 1337 and the likes).
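The PAWS point raised above, as an added example that is not part of the thread: a toy model of a TCP receiver whose 32-bit sequence space has wrapped (at 10 Gbit/s, 2^32 bytes take roughly 3.4 s, well under the 2-minute MSL). A delayed copy of a segment from the previous trip through the sequence space lands inside the current receive window. With timestamps on, the RFC 7323 PAWS check compares the segment's TSval against TS.Recent and discards it; with net.ipv4.tcp_timestamps=0 the option is never negotiated, PAWS cannot run, and the stale segment is accepted as in-order data and displaces the real one. The segments, sequence numbers and timestamp values are constructed for the demonstration; the receiver is a simplification (in-order delivery only, no out-of-order queue, TS.Recent updated on every in-order accept).

```python
"""Toy PAWS (RFC 7323 section 5) receiver over a wrapping sequence space.
Added example, not code from the mailing-list thread; scenario is constructed."""

MOD32 = 1 << 32


def seq_in_window(seg_seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability of a segment's first byte, modulo 2^32."""
    return (seg_seq - rcv_nxt) % MOD32 < rcv_wnd


def ts_is_older(tsval, ts_recent):
    """RFC 7323 modular timestamp comparison: True when tsval precedes
    ts_recent, i.e. the signed 32-bit difference tsval - ts_recent is negative."""
    return (tsval - ts_recent) % MOD32 >= 1 << 31


class Receiver:
    """Minimal receive-side state: RCV.NXT, RCV.WND, TS.Recent (simplified)."""

    def __init__(self, rcv_nxt, rcv_wnd, timestamps):
        self.rcv_nxt = rcv_nxt % MOD32
        self.rcv_wnd = rcv_wnd
        self.timestamps = timestamps  # models net.ipv4.tcp_timestamps=1/0
        self.ts_recent = None
        self.delivered = []

    def receive(self, label, seq, length, tsval):
        # PAWS runs before the sequence-number check and needs only the option.
        if self.timestamps and self.ts_recent is not None \
                and ts_is_older(tsval, self.ts_recent):
            return "drop-paws"
        if not seq_in_window(seq, self.rcv_nxt, self.rcv_wnd):
            return "drop-seq"
        # Simplification: only in-order segments are consumed. A real stack
        # queues out-of-order data and updates TS.Recent only for segments at
        # or before the last ACKed sequence number.
        if seq != self.rcv_nxt:
            return "queue-ooo"
        self.rcv_nxt = (self.rcv_nxt + length) % MOD32
        if self.timestamps:
            self.ts_recent = tsval
        self.delivered.append(label)
        return "accept"


def simulate(timestamps):
    """Feed three constructed segments through a receiver sitting just below
    the 2^32 wrap point; returns (per-segment decision, delivered labels)."""
    r = Receiver(rcv_nxt=0xFFFF0000, rcv_wnd=65536, timestamps=timestamps)
    segments = [
        # label, SEG.SEQ,   length,  TSval
        ("A",   0xFFFF0000, 0x10000, 5000),  # fresh data up to the wrap; RCV.NXT -> 0
        ("OLD", 0x00000000, 1000,    1200),  # delayed copy from ~4 GiB earlier, old TSval
        ("B",   0x00000000, 1000,    5001),  # the genuine next segment after the wrap
    ]
    decisions = {lbl: r.receive(lbl, seq, ln, ts) for lbl, seq, ln, ts in segments}
    return decisions, r.delivered


if __name__ == "__main__":
    for enabled in (True, False):
        decisions, delivered = simulate(enabled)
        print(f"tcp_timestamps={int(enabled)}: {decisions} delivered={delivered}")
```

With timestamps the run delivers A then B and records OLD as drop-paws; without them OLD is accepted (it is in-window and at RCV.NXT) and the real segment B is then rejected as being behind the window, so the application reads 4 GiB-old bytes in place of the current ones. Since Linux only performs PAWS when the timestamp option was negotiated, setting the sysctl to 0 removes both this protection and the RTT measurement the earlier message mentions.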