Kicksecure ™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Disabling TCP and ICMP Timestamps for Better Security and Privacy

Disable TCP Timestamps[edit]

Introduction[edit]

The downside of TCP timestamps is adversaries can remotely calculate the system uptime and boot time of the machine and the host's clock down to millisecond precision. These calculated uptimes and boot times can also help to detect hidden network-enabled operating systems, as well as link spoofed IP and MAC addresses together and more. ^{[1] [2]}

To prevent this information leaking to an adversary, it is recommended to disable TCP timestamps on any operating systems in use. The less information available to attackers, the better the security.

Kicksecure[edit]

Disabled in Kicksecure by default. If using Kicksecure as a host operating system, there is nothing to do. Otherwise, see rest of this page.

Qubes[edit]

TCP timestamps are disabled by default in Qubes R3.1 and above. ^[3]

Disable ICMP Timestamps[edit]

Introduction[edit]

The Internet Control Message Protocol (ICMP) is used by network devices, including routers, to send operational information and error messages such as whether a service is available or if a host/router cannot be reached. Unlike TCP and UDP, it is a network level, not transport layer protocol. Commonly used network utilities are based on ICMP messages, such as traceroute and ping. ^[4]

The ICMP protocol includes timestamps for time synchronization, with the originating timestamp being set to the time (in milliseconds since midnight) since the sender last touched the packet. A timestamp reply is also generated, consisting of the originating timestamp (sent by the sender) as well as a "receive timestamp", which captures when the timestamp was received and a reply sent. ICMP sometimes used to give further info and advancing some attacks for e.g check BPFdoor.

Kicksecure[edit]

Disabled in Kicksecure by default. If using Kicksecure as a host operating system, there is nothing to do. Otherwise, see rest of this chapter.

Qubes[edit]

ICMP timestamps are disabled by default in Qubes R3.1 and above. ^[5]

References[edit]

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!