TCP timestamps on some (but not all?) of our CentOs hosts are being reported as a vulnerability by OSSIM. I have looked into the matter briefly and cannot say that I consider this a serious security issue. The vulnerability seems limited to determining the uptime of the target host. The question therefore arises as to whether or not there is any way to reset the tcp timestamp present value to zero or some randomly determined value. If not then what are the technical impediments? I am cognisant of the role of tcp timestamps in handling serial number rollovers. However, since the timestamp itself also must rollover, given sufficient uptime (~288 days I believe I read), what prevents one from manually forcing that event? Is there such a means provided in CentOS6? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3