Disable TCP and ICMP Timestamps
Disable TCP Timestamps
The downside of TCP timestamps is adversaries can remotely calculate the system uptime and boot time of the machine and the host's clock down to millisecond precision. These calculated uptimes and boot times can also help to detect hidden network-enabled operating systems, as well as link spoofed IP and MAC addresses together and more.  
To prevent this information leaking to an adversary, it is recommended to disable TCP timestamps on any operating systems in use. The less information available to attackers, the better the security.
Disabled in Kicksecure ™ by default. If using Kicksecure ™ as a host operating system, there is nothing to do. Otherwise, see rest of this page.
TCP timestamps are disabled by default in Qubes R3.1 and above. 
Disable ICMP Timestamps
The Internet Control Message Protocol (ICMP) is used by network devices, including routers, to send operational information and error messages such as whether a service is available or if a host/router cannot be reached. Unlike TCP and UDP, it is a network level, not transport layer protocol. Commonly network utilities are based on ICMP messages, such as traceroute and ping. 
The ICMP protocol includes timestamps for time synchronization, with the originating timestamp being set to the time (in milliseconds since midnight) since the sender last touched the packet. A timestamp reply is also generated, consisting of the originating timestamp (sent by the sender) as well as a "receive timestamp", which captures when the timestamp was received and a reply sent . ICMP sometimes used to give further info and advancing some attacks for e.g check BPFdoor.
Disabled in Kicksecure ™ by default. If using Kicksecure ™ as a host operating system, there is nothing to do. Otherwise, see rest of this chapter.
ICMP timestamps are disabled by default in Qubes R3.1 and above. 
It may also be predictable based on system uptime, which is visible to remote attackers via TCP timestamps.