Disable TCP and ICMP Timestamps

From Kicksecure

Disabling TCP and ICMP Timestamps for Better Security and Privacy

Disable TCP Timestamps

Introduction

TCP timestamps provide protection against wrapped sequence numbers.

The downside of TCP timestamps is that adversaries can remotely calculate the machine's uptime and boot time, as well as the host's clock down to millisecond precision. These calculated uptimes and boot times can also help to detect hidden network-enabled operating systems, link spoofed IP and MAC addresses together, and more. [1] [2]

To prevent this information leaking to an adversary, it is recommended to disable TCP timestamps on any operating systems in use. The less information available to attackers, the better the security.

Kicksecure

Disabled in Kicksecure by default. If using Kicksecure as a host operating system, there is nothing to do. Otherwise, see the rest of this page.

Qubes

TCP timestamps are disabled by default in Qubes R3.1 and above. [3]

Disable ICMP Timestamps

Introduction

The Internet Control Message Protocol (ICMP) is used by network devices, including routers, to send operational information and error messages, such as whether a service is available or whether a host or router cannot be reached. Unlike TCP and UDP, it is a network-layer protocol, not a transport-layer protocol. Commonly used network utilities, such as traceroute and ping, are based on ICMP messages. [4]

ICMP includes timestamps for time synchronization, with the originating timestamp being set to the time (in milliseconds since midnight) at which the sender last touched the packet. A timestamp reply is also generated, consisting of the originating timestamp (sent by the sender) as well as a "receive timestamp", which captures when the timestamp was received and a reply sent. ICMP is sometimes used to convey further information and to advance some attacks; for an example, see BPFdoor.
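To see what a timestamp reply discloses when reviewing traffic from your own hosts, the following added example (not part of the Kicksecure page or project) decodes the 20-byte ICMP timestamp message as laid out in RFC 792 and reports the responder's clock. The function names and the sample packet are constructed for illustration.

```python
import struct

TS_REQUEST, TS_REPLY = 13, 14          # ICMP types from RFC 792
MS_PER_DAY = 24 * 60 * 60 * 1000
LAYOUT = "!BBHHHIII"                   # type, code, checksum, id, seq, 3 timestamps

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum (RFC 1071) over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_timestamp_msg(mtype, ident, seq, orig, recv=0, xmit=0) -> bytes:
    """Build a constructed sample message with a valid checksum."""
    raw = struct.pack(LAYOUT, mtype, 0, 0, ident, seq, orig, recv, xmit)
    return raw[:2] + struct.pack("!H", inet_checksum(raw)) + raw[4:]

def fmt_ms(ms: int) -> str:
    """Render milliseconds since midnight as HH:MM:SS.mmm."""
    s, ms = divmod(ms, 1000)
    return f"{s // 3600:02d}:{s % 3600 // 60:02d}:{s % 60:02d}.{ms:03d}"

def parse_timestamp_msg(msg: bytes) -> dict:
    """Decode an ICMP timestamp request/reply (ICMP payload only, no IP header)."""
    if len(msg) != struct.calcsize(LAYOUT):
        raise ValueError("ICMP timestamp messages are exactly 20 bytes")
    mtype, code, _, ident, seq, orig, recv, xmit = struct.unpack(LAYOUT, msg)
    if mtype not in (TS_REQUEST, TS_REPLY) or code != 0:
        raise ValueError("not an ICMP timestamp message")
    if inet_checksum(msg) != 0:        # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    out = {"type": mtype, "id": ident, "seq": seq, "originate": orig,
           "receive": recv, "transmit": xmit, "leaked_clock": None}
    # A reply exposes the responder's clock unless the high bit marks the
    # value as non-standard (RFC 792).
    if mtype == TS_REPLY and not recv & 0x80000000:
        out["leaked_clock"] = fmt_ms(recv)
        # Responder clock minus sender clock, wrapped to [-12h, +12h).
        half = MS_PER_DAY // 2
        out["offset_ms"] = (recv - orig + half) % MS_PER_DAY - half
    return out

if __name__ == "__main__":
    # Constructed sample: sender clock 12:00:00.000, responder 1250 ms ahead.
    reply = build_timestamp_msg(TS_REPLY, 0x1234, 1, 43_200_000, 43_201_250, 43_201_250)
    print(parse_timestamp_msg(reply))
```

A non-empty `leaked_clock` for traffic leaving a host means that host still answers timestamp requests.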

Kicksecure

Disabled in Kicksecure by default. If using Kicksecure as a host operating system, there is nothing to do. Otherwise, see the rest of this chapter.

Qubes

ICMP timestamps are disabled by default in Qubes R3.1 and above. [5]

References
