How can I disable TCP_TIMESTAMP response from F5?
We have conducted a recent PCI scan which identified TCP timestamp response as a risk.
We disabled this option in our internet facing web hosts but we are still getting a risk alarm.
I have looked in the F5 TCP options and we have a TCP profile setting called "Extensions for High Performance" enabling the TCP timestamp response. Is this OK to disable to manage this risk, and is there a high performance sacrifice in doing that?
Also I looked in the BIGIP Linux host and we have:
[User@LTM-HOST:Active:Changes Pending] ~ grep net.ipv4.tcp_timestamps /etc/sysctl.conf
net.ipv4.tcp_timestamps = 1
What role does this option play in the TCP timestamp response? Can we disable this? If you can clarify about this option it would be great :)
Thanks, - Rony
Vulnerability: TCP timestamp response
Diagnosis: The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behaviour of their TCP timestamps.