Louis CK Leung
I use OpenVAS to scan the Windows Server 2012 R2
and get the vulnerability "TCP Timestamps":
Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.
Vulnerability Detection Result
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 1487459
Packet 2: 1487560
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Affected Software/OS
TCP/IPv4 implementations that implement RFC1323.
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: $Revision: 10411 $
References
Other: http://www.ietf.org/rfc/rfc1323.txt
I have tested the method below:
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
But it does NOT work, since it states "Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled."
Also, I have searched on the Internet, and it seems that Windows 2012 cannot disable the timestamp.
Is that true, or is there any way to disable the timestamp?
Thx a lot
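
For readers weighing this finding: the sketch below is an added example (not part of the original post and not OpenVAS code) showing how the two values in the report translate into a tick rate and an uptime estimate. The option bytes are constructed around the report's two TSval values, and the candidate tick-rate list and function names are assumptions.

```python
import struct

# Assumed candidate tick rates; RFC 1323 allows 1 tick per 1 ms up to 1 s.
COMMON_HZ = (1, 10, 100, 250, 1000)

def parse_tsval(options):
    """Return TSval from a raw TCP options field, or None if absent/malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            return None                    # truncated: no length byte
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                    # bogus length field
        if kind == 8 and length == 10:     # Timestamps option: TSval, TSecr
            tsval, _tsecr = struct.unpack_from(">II", options, i + 2)
            return tsval
        i += length
    return None

def estimate_tick_hz(ts1, ts2, delay_s):
    """Snap the observed ticks/second to the nearest candidate rate."""
    delta = (ts2 - ts1) & 0xFFFFFFFF       # tolerate 32-bit counter wrap
    raw = delta / delay_s
    return min(COMMON_HZ, key=lambda hz: abs(hz - raw))

def estimate_uptime_s(tsval, hz):
    """Valid only if the counter started at 0 at boot; a stack that adds a
    random offset to its timestamps makes this number meaningless."""
    return tsval / hz

def _opts(tsval, tsecr):
    # Constructed sample: NOP, NOP, then kind=8 len=10 TSval TSecr.
    return b"\x01\x01" + struct.pack(">BBII", 8, 10, tsval, tsecr)

REPLY_1 = _opts(1487459, 1)   # TSval from "Packet 1" in the report; TSecr made up
REPLY_2 = _opts(1487560, 2)   # TSval from "Packet 2" in the report; TSecr made up

if __name__ == "__main__":
    t1, t2 = parse_tsval(REPLY_1), parse_tsval(REPLY_2)
    hz = estimate_tick_hz(t1, t2, 1.0)
    print(f"tick rate ~{hz} Hz, uptime ~{estimate_uptime_s(t2, hz) / 3600:.1f} h")
```
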