Disable TCP timestamps on Linux

updated:  09/2018


Ref: https://www.exploresecurity.com/testing-for-tcp-ip-timestamps/

 

It is possible to estimate the current uptime of a Linux machine remotely from its TCP timestamps, so it's preferable to disable them on your systems. The less information attackers can get, the better off you are.

Sysctl

To dynamically disable TCP timestamping, run the following command:

root@thunderchicken:~# echo 0 > /proc/sys/net/ipv4/tcp_timestamps

To make that change permanent though, you need to add the following line to /etc/sysctl.conf:

net.ipv4.tcp_timestamps = 0
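
The following check covers both steps above, the runtime value and the persistent setting. It is an added example, not part of the original post; the function names persisted_value and check_tcp_timestamps are made up for illustration, and any sysctl files beyond /etc/sysctl.conf that you pass in are your own choice.

```shell
#!/bin/sh
# Added example: confirm TCP timestamps are off now AND stay off after a reboot.
# Usage: ./check.sh /proc/sys/net/ipv4/tcp_timestamps /etc/sysctl.conf [more conf files]

# Print the last value assigned to net.ipv4.tcp_timestamps in the given
# sysctl-style files (later assignments win); prints nothing if never set.
persisted_value() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; echo; fi    # unreadable files are skipped
    done | awk '
        /^[ \t]*[#;]/ { next }                     # comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)             # leading "-" = ignore set errors
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)                    # accept net/ipv4/... spelling
            if (key == "net.ipv4.tcp_timestamps") last = val
        }
        END { if (last != "") print last }'
}

# Returns 0 = off now and persisted, 1 = on now, 2 = off now but not persisted.
check_tcp_timestamps() {
    runtime_file=$1; shift
    runtime=$(cat "$runtime_file" 2>/dev/null | tr -d ' \t\n')
    persisted=$(persisted_value "$@")
    if [ "$runtime" != "0" ]; then
        echo "FAIL: tcp_timestamps is '${runtime:-unreadable}' at runtime"
        return 1
    fi
    if [ "$persisted" != "0" ]; then
        echo "WARN: off now, but persisted value is '${persisted:-unset}'; a reboot re-enables it"
        return 2
    fi
    echo "OK: tcp_timestamps disabled at runtime and in config"
    return 0
}

# Only run when file arguments are given on the command line.
if [ "$#" -gt 0 ]; then
    check_tcp_timestamps "$@"
fi
```

Exit status 2 is the case the echo command alone leaves behind: the kernel value is 0, but nothing in the configuration keeps it there.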

IPTables

To be on the safe side, also drop ICMP timestamp requests and replies (a separate mechanism from TCP timestamps) by adding the following two lines to your firewall script:

iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP

iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP

 

Simple real time script to audit your systems:

#!/bin/bash
# Audit helper: probes every entry in 251.txt (one "host:port" per line)
# with hping3 and collects the TCP timestamp replies in $FILEOUT.
# subject, hostname and mailto are set here but not used by the lines below.
subject="PCI-TEST 251"
FILEOUT=/tmp/251.out
hostname=$(hostname | sed -e 's/\..*$//')
mailto="technik@somedomain.de"
# -f only: remove any previous report without prompting
/bin/rm -f "$FILEOUT"
echo " Rescan audit Ref: 2.51 - Responding to TCP timestamp queries. " >> "$FILEOUT"
echo " Using such duration requests, the so-called \"uptime\" of a system can be determined. A high \"Uptime\" allows conclusions on not installed kernel patches, as each kernel update is accompanied by a restart of the system and thus a reset of Uptime. " >> "$FILEOUT"
while IFS= read -r line; do
    echo "$line" >> "$FILEOUT"
    LL=$(echo "$line" | cut -d":" -f1)   # host
    NN=$(echo "$line" | cut -d":" -f2)   # port
    hping3 "$LL" --tcp-timestamp -c 5 -S -p "$NN" >> "$FILEOUT" 2>&1
    echo "-----------------------------------------------------------------------------------------" >> "$FILEOUT"
done < 251.txt

Enjoying the vacation in Oregon.

We have finally made it to Oregon.  From Portland (PDX) to the Pacific Coast HWY 101.  We even had time to enjoy Blueberries from the garden.  More pictures will follow.  Enjoy.

Collecting old pictures

Taking new pictures is one thing, collecting old ones is also an interesting task.  I have many pictures from my own family, dating back to the turn of the 20th century or even older.  Some pictures are public domain or others have been given to me, where it is not clear anymore who has taken them.  Anyway, it is fun to restore them to their old glory and to find unexpected views.

Getting started

This is my new presence in the digital world.  My webpage was originally "tmltechnologies.com", but I was moving away from publishing computer related information.  There are much better sites for Computer "stuff".  I wanted to build an "Outlet" for my passion, the photography.  It has become a much more dominant part in my life than many years ago.  So let's start...
