Vulnerability Scanning - TCP timestamp response

victort · ‎01-17-2019

Hi All,

I would like to ssek your assistance on the following vunerability:

TCP timestamp response (generic-tcp-timestamp)

Description:

The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps.

Is there any documentation or guide to disable the TCP timestamp on Infoblox appliances? Is this the best practise recommended by Infoblox?

Thanks,

Victor

DRudder · ‎01-18-2019

I believe the feature to disable TCP timestamps is coming in nios 8.4.

I would a suggest contacting your SE for more info on this feature and the pros and cons to using it.

DRudder · ‎01-18-2019

This is RFE-1174 for those interested. This feature was included in the NIOS 8.4-EA code so it is pretty safe to say it will be delivered as part of the GA NIOS 8.4.0 release.

timpaines · ‎01-19-2019

This is absolutely true that the TCP timestamp response can be used to approximate the remote host's uptime.

victort · ‎01-21-2019

Thanks for the info.

THE GAME HAS CHANGED

NIOS DNS DHCP IPAM

Vulnerability Scanning - TCP timestamp response

Re: Vulnerability Scanning - TCP timestamp response

Re: Vulnerability Scanning - TCP timestamp response

Re: Vulnerability Scanning - TCP timestamp response

Re: Vulnerability Scanning - TCP timestamp response