Participant

NX-OS disabled tcp timestamps

Does anyone know the NX-OS equivalent of the IOS command 'no ip tcp timestamp'? This would be to disable tcp timestamps so an attacker cannot gather system uptime.

Thanks.

Hall of Fame Guru

NX-OS disabled tcp timestamps

I don't believe it can be disabled.

As you've noted, the command is not available in NX-OS. Furthermore, there doesn't appear to be any equivalent recommended in Cisco's guide to securing NX-OS. One can only assume that Cisco does not consider it to be a vulnerability.

I checked by scanning a Nexus 5548UP just now (with the latest NX-OS 5.2(1)N1 installed) and nmap was able to get a close estimate of the actual system uptime (varied by a couple of days from that reported from the device's CLI).
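How a scanner arrives at an uptime figure like the one in the reply above, as an added example that is not part of the thread and not nmap's code: it infers the timestamp clock rate from two TSval samples and divides the counter by that rate. The sample values and the list of candidate clock rates are constructed assumptions.

```python
# Added example: turning TCP timestamp (TSval) samples into an uptime estimate.
# Sample values are constructed, not captured from a real device.

COMMON_HZ = (1, 2, 10, 100, 200, 250, 1000)  # candidate clock rates (assumption)
TS_MODULUS = 2 ** 32                         # TSval is a 32-bit counter (RFC 7323)

# (seconds since first probe, TSval seen in the reply); constructed: 100 Hz, ~30 days up
SAMPLES = [(0.0, 259_200_000), (1.0, 259_200_100), (2.5, 259_200_251)]


def estimate_tick_rate(samples):
    """Infer the timestamp clock rate in Hz, snapped to the nearest common rate."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    if t1 <= t0:
        raise ValueError("samples must span a positive time interval")
    ticks = (v1 - v0) % TS_MODULUS  # modular difference survives one counter wrap
    raw_hz = ticks / (t1 - t0)
    return min(COMMON_HZ, key=lambda hz: abs(hz - raw_hz))


def estimate_uptime_seconds(samples):
    """Uptime guess: latest TSval divided by the inferred clock rate.

    Only valid if the counter started near zero at boot and has not wrapped;
    a random per-connection offset makes the result meaningless.
    """
    return samples[-1][1] / estimate_tick_rate(samples)


def max_observable_uptime_days(hz):
    """Longest uptime the 32-bit counter can represent before it wraps."""
    return TS_MODULUS / hz / 86400


if __name__ == "__main__":
    hz = estimate_tick_rate(SAMPLES)
    days = estimate_uptime_seconds(SAMPLES) / 86400
    print(f"clock rate ~{hz} Hz, estimated uptime ~{days:.1f} days")
    print(f"counter wraps after {max_observable_uptime_days(hz):.1f} days at {hz} Hz")
```

When a scanner flags this finding, comparing its figure with the uptime shown on the device CLI tells you whether the counter really tracks boot time on that platform.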

Beginner

Re: NX-OS disabled tcp timestamps

If Cisco does not consider it a vulnerability, and there are chances that by knowing the system time the device can be exploited, then why doesn't Cisco do anything about it?

 

Our scanner is also reporting the same TCP timestamp response vulnerability. Could someone please provide us a solution for it?