https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565932#M666453 <HTML><HEAD></HEAD><BODY><P>That is good news!</P><P></P><P>Please mark the thread as Answered so that others can benefit in the future.</P><P></P><P>Take care,</P><P>PK</P></BODY></HTML> Tue, 12 Oct 2010 18:28:03 GMT Panos Kampanakis 2010-10-12T18:28:03Z https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565929#M666450 <P class="MsoNormal" style="margin: 0in 0in 10pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">I trying to stop the RFC 1323 Timestamp leak (Nessus ID 25220), I have add the following commands to our PIX firewall. Test still comeback positive.</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 10pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">access-list 100 deny icmp any any timestamp-request</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 10pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">access-list 100 deny icmp any any timestamp-reply</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 10pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">icmp deny any outside</SPAN></P><P class="MsoNormal" style="margin: 0in 0in 10pt;"><SPAN style="font-family: Calibri; color: #000000; font-size: 12pt;">icmp deny any inside</SPAN></P> Mon, 11 Mar 2019 18:53:18 GMT https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565929#M666450 gjohnson1963 2019-03-11T18:53:18Z https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565930#M666451 <HTML><HEAD></HEAD><BODY><P>You are dropping icmp timestamps. You need to clear the TCP timestamps.</P><P></P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpnorm.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpnorm.html</A> explains how, and the config will look like</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>tcp-map tmap</P><P>&nbsp; timestamp&nbsp; clear</P><P>access-list tcp-acl permit tcp any any</P><P>class-map tcp-class</P><P>&nbsp; match access-l tcp-acl</P><P>policy-map pmap</P><P>&nbsp; class ts-class</P><P>&nbsp;&nbsp;&nbsp; set connection advanced-options tmap</P><P>service-policy pmap global</P></PRE><P></P><P>Let us know if it helps.</P><P></P><P>PK</P></BODY></HTML> Tue, 12 Oct 2010 14:31:24 GMT https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565930#M666451 Panos Kampanakis 2010-10-12T14:31:24Z https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565931#M666452 <HTML><HEAD></HEAD><BODY><P>Solution worked, thanks.</P><P></P><P></P><P>tcp-map tcp-map-timestamp</P><P>tcp-options timestamp clear</P><P>class-map class-map-timestamp<BR />match any</P><P>policy-map policy-map-timestamp<BR />class class-map-timestamp</P><P>set connection advanced-options tcp-map-timestamp</P><P>service-policy policy-map-timestamp global</P></BODY></HTML> Tue, 12 Oct 2010 17:59:59 GMT https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565931#M666452 gjohnson1963 2010-10-12T17:59:59Z https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565932#M666453 <HTML><HEAD></HEAD><BODY><P>That is good news!</P><P></P><P>Please mark the thread as Answered so that others can benefit in the future.</P><P></P><P>Take care,</P><P>PK</P></BODY></HTML> Tue, 12 Oct 2010 18:28:03 GMT https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565932#M666453 Panos Kampanakis 2010-10-12T18:28:03Z https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565933#M666454 <HTML><HEAD></HEAD><BODY><P>Hi hope everyone is fine. </P><P></P><P>It didnt work for our case. Our vendor simplified to command and after implementing it I still get the TCP timestamp vulnerability for hosts behind the FW. Is this command suppose to clear all TCP timestamp request for hosts behing the FW or is it simply just for the FW?</P><P></P><P><EM>tcp-map tmap-timestamp</EM><SPAN style="font-size: 10pt;"> </SPAN></P><P><EM>&nbsp; tcp-options timestamp clear</EM></P><P> <SPAN style="font-size: 10pt;"> </SPAN></P><P><EM>policy-map global_policy</EM><SPAN style="font-size: 10pt;"> </SPAN></P><P><EM>class global-class</EM><SPAN style="font-size: 10pt;"> </SPAN></P><P><EM>&nbsp; set connection advanced-options tmap-timestamp</EM></P><P></P><P></P><P>Hope anyone can shed some light on what we did wrong or an alternate solution.</P><P>Regards,</P><P>Mon</P></BODY></HTML> Wed, 18 Dec 2013 01:37:42 GMT https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/1565933#M666454 Mon-Loi Perez 2013-12-18T01:37:42Z https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/3406839#M666455 <P>Hi Panos,</P> <P>&nbsp;</P> <P><SPAN>I can clear timestamps, using tcp-map, but I've read PAWS is going to be disabled, and this might cause many TCP sessions to be reset,&nbsp;PAWS uses the TCP Timestamps option defined in Section 4 of RF 1323 to protect against old duplicates from the same connection (¿issue to future?).</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://www.ietf.org/rfc/rfc1323.txt" target="_blank">https://www.ietf.org/rfc/rfc1323.txt</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>in other side found that&nbsp;RFC 1948 could solve the Vulnerability, therfore how do you for apply RFC in my Cisco ASA? 5585X (however it is not perfect and it also brings problems)</SPAN></P> <P>&nbsp;</P> <P><SPAN>I remain attentive for your feedback.</SPAN></P> Wed, 27 Jun 2018 22:55:26 GMT https://community.cisco.com/t5/network-security/remote-service-implements-tcp-timestamps/m-p/3406839#M666455 juan soporteco 2018-06-27T22:55:26Z