topic I have done some more reading in Network Security

TCP timestamps security vulnerabilities

BrianEschen — Tue, 12 Mar 2019 04:54:18 GMT

On my ASA 5520 with version 9.1(2)8 I am getting a warning about tcp timestamps when running the external security scan.

" It was detected that the host implements RFC1323"

Solution = Disable TCP timestamps

Please correct me if I am wrong, from what I can tell the security issues in RFC1323 have been fixed by RFC1948 and that has been obsoleted by RFC6528. But RFC1323 has been obsoleted by RFC7323, though RFC7323 was just released this September.

What should I do to eliminate my risk? Can I configure something on the ASA to use RFC1948 or 6528? Do I just have to disable tcp timestamps all together?

I found this page on clearing tcp timestamps but that disables PAWS

thanks for any advice

Hi,You would have to disable

Vibhor Amrodia — Sat, 11 Oct 2014 04:44:21 GMT

Hi,

You would have to disable the time stamp to check for this RFC1323.

Check this on how to do it on the ASA device:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/conns_connlimits.html

Also check this for more information:-

http://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp

Thanks and Regards,

Vibhor Amrodia

I have done some more reading

BrianEschen — Mon, 13 Oct 2014 03:47:45 GMT

I have done some more reading and found a couple of things about TCP Normalization and Randomization that can be configured on the ASA. Does anyone have any experience with that? Maybe it will help?