IT Security

TCP timestamp response

The remote host responded with a TCP timestamp.

Risk: Low
Likelihood of Attack: Medium

Why is TCP timestamp response considered a Security Issue?
The TCP timestamp response can be used to approximate the remote host’s uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behaviour of their TCP timestamps.

TCP timestamp responses can be used by an attacker to identify the host operating system.
Timestamps can provide an attacker with a means of guessing the operating system of the target. The attacker begins by probing any active TCP service to get a response that contains a TCP timestamp. Different operating systems update the timestamp value using different intervals. This type of analysis is most accurate when multiple timestamp responses are received and then analyzed.

Solution
Disable TCP timestamps on the host, or add a rule to your internet firewall to block the TCP timestamp response.
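To confirm the fix, check that the host's responses no longer carry the TCP Timestamps option (option kind 8, RFC 7323). The following is an added example, not part of the original page: it parses the options of a raw TCP header taken from a packet capture, and the two sample headers, their ports and sequence numbers, and the helper names are all constructed for illustration.

```python
import struct

TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_TIMESTAMP = 0, 1, 8

def tcp_options(header: bytes):
    """Yield (kind, value) for each option in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    data_offset = (header[12] >> 4) * 4        # header length in bytes
    if data_offset < 20 or data_offset > len(header):
        raise ValueError("bad data offset")
    opts, i = header[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:                # end of option list
            return
        if kind == TCP_OPT_NOP:                # one-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]                   # covers kind and length bytes
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        yield kind, opts[i + 2:i + length]
        i += length

def timestamp_option(header: bytes):
    """Return (TSval, TSecr) if the Timestamps option is present, else None."""
    for kind, value in tcp_options(header):
        if kind == TCP_OPT_TIMESTAMP and len(value) == 8:
            return struct.unpack("!II", value)
    return None

def _header(options: bytes) -> bytes:
    """Build a constructed SYN-ACK header; every field value is made up."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 443, 50000, 1000, 2001,
                       offset << 4, 0x12, 65535, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"
# Constructed samples: a response before and after timestamps are disabled.
BEFORE = _header(MSS + b"\x01\x01\x08\x0a" + struct.pack("!II", 123456789, 42))
AFTER = _header(MSS)

if __name__ == "__main__":
    for label, hdr in (("before", BEFORE), ("after", AFTER)):
        print(label, timestamp_option(hdr))
```

A result of `None` for every captured response from the host means the scanner finding should no longer trigger.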
