TCP timestamp response
'The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps.'
ClearCenter response
ClearCenter is currently investigating this claim.
Short response
TCP timestamps are an integral part of the reliability of the TCP network stack. Disabling timestamps can cause increased load on a system to ensure reliability and is often incompatible with systems such as NAT. Unless this is a hard requirement and the stakeholders understand the downsides, we recommend leaving timestamps alone.
Long response
TCP timestamps are an integral part of the reliability of the TCP network stack. As detailed in RFC 1323, TCP timestamps are designed to “improve performance over large bandwidth*delay product paths and to provide reliable operation over very high-speed paths”. Most connections these days fall under the 'high-speed' paradigm. Disabling timestamps can cause increased load on a system to ensure reliability and is often incompatible with systems such as NAT. If the target system is involved with providing NAT or would ever be used behind NAT, TCP timestamps should NOT be used. Unless this is a hard requirement and the stakeholders understand the downsides, we recommend leaving the timestamps parameter alone.
Resolution
As mentioned, ClearCenter recommends against disabling TCP timestamps. If you have to do it, these are the steps to take.
To activate immediately, run:
sysctl net.ipv4.tcp_timestamps=0
To make this change persistent on reboots, follow the guide appropriate to your OS below.
ClearOS 7
Modify the following file:
/etc/sysctl.d/timestamp-disable.conf
Add the following line:
net.ipv4.tcp_timestamps=0
ClearOS 7
Modify the following file:
/etc/sysctl.conf
Add the following line to the end of the file:
net.ipv4.tcp_timestamps=0
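To confirm the persistent change before relying on a reboot, the following check is added here as an example (it is not ClearCenter's own script). It reads sysctl configuration files in the order given, reports the value they would apply to net.ipv4.tcp_timestamps, and flags lines that mention the key but will not parse as a setting. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what sysctl config files will apply for tcp_timestamps.
KEY='net.ipv4.tcp_timestamps'

# persistent_value FILE...: value from the last valid "key = value" line
# (later files and lines win); prints "unset" if nothing sets the key.
persistent_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blanks
        {
            split($0, kv, "=")
            k = kv[1]; v = kv[2]
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# malformed_lines FILE...: "file:line" for lines that mention the key but
# are not a setting, e.g. a pasted command with a leading "sysctl ".
malformed_lines() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        index($0, key) {
            k = $0; sub(/=.*/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) print FILENAME ":" FNR
        }
    ' "$@"
}

# No arguments: use a constructed sample file. Otherwise audit the files given.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' 'net.ipv4.tcp_timestamps = 1' \
        'sysctl net.ipv4.tcp_timestamps=0' > "$sample"
    set -- "$sample"
fi
echo "persistent value: $(persistent_value "$@")"
malformed_lines "$@" | sed 's/^/will not parse: /'
if [ -n "${sample:-}" ]; then rm -f "$sample"; fi
```

Pass the files in the order the system loads them, then compare the result with the running value from sysctl -n net.ipv4.tcp_timestamps.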