RE: TCP Timestamp Vulnerability

["Richard Sass" <richard.sass%seqent.com@localhost>]

	"The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can be
sometimes be computed."

Additional: http://www.securiteam.com/securitynews/5NP0C153PI.html

I think the thought behind this is that if a person can determine the uptime
of a system then this might be additional information that could be used to
target an attack. For example: if a system has been up for a year then it
probably hasn't been patched with recent security patches giving the
attacker another piece of information on how to attack the system. I'm not
sure if there may be more to it than that.

-----Original Message-----
From: Manuel Bouyer [mailto:bouyer%antioche.eu.org@localhost] 
Sent: Wednesday, March 28, 2018 9:09 AM
To: Richard Sass <richard.sass%seqent.com@localhost>
Cc: netbsd-users%netbsd.org@localhost
Subject: Re: TCP Timestamp Vulnerability

On Wed, Mar 28, 2018 at 07:44:56AM -0400, Richard Sass wrote:
> McAffe's Technical article KB78776  -
> https://kc.mcafee.com/corporate/index?page=content
> <https://kc.mcafee.com/corporate/index?page=content&id=KB78776&actp=RSS>
> &id=KB78776&actp=RSS
> 
>  
> 
> .Suggests that there is a low vulnerability issue with TCP Timestamps but
> disabling this could result in performance issues.

They don't explain why this would be a vulnerability issue.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--