Vulnerability description:
The remote host implements TCP timestamps and therefore allows to compute the uptime.
Low general/tcp
2 RESULTS PER HOST 10
Low (CVSS: 2.6)
NVT: TCP timestamps
Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.
Vulnerability Detection Result
It was detected that the host implements RFC1323/RFC7323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 691962272
Packet 2: 691963348
Impact
A side eect of this feature is that the uptime of the remote host can sometimes be computed.
Solution:
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options
when initiating TCP connections, but use them if the TCP peer that is initiating communication
includes them in their synchronize (SYN) segment.
See the references for more information.
Aected Software/OS
TCP implementations that implement RFC1323/RFC7323.
Vulnerability Insight
The remote host implements TCP timestamps, as dened by RFC1323/RFC7323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The
responses are searched for a timestamps. If found, the timestamps are reported.
Details: TCP timestamps
OID:1.3.6.1.4.1.25623.1.0.80091
Version used: 2020-08-24T08:40:10Z
Solution: Add it in /etc/sysctl.conf according to the prompt net.ipv4.tcp_timestamps = 0 , and then execute sysctl -p to set it into the running environment.
vi /etc/sysctl.conf
Add the following content
net.ipv4.tcp_timestamps = 0
then execute
sysctl -p