TCP timestamps on some (but not all?) of our CentOs hosts are being
reported as a vulnerability by OSSIM. I have looked into the matter
briefly and cannot say that I consider this a serious security issue.
The vulnerability seems limited to determining the uptime of the
target host. The question therefore arises as to whether or not there
is any way to reset the tcp timestamp present value to zero or some
randomly determined value. If not then what are the technical
impediments?
I am cognisant of the role of tcp timestamps in handling serial number
rollovers. However, since the timestamp itself also must rollover,
given sufficient uptime (~288 days I believe I read), what prevents
one from manually forcing that event? Is there such a means provided
in CentOS6?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
