
NX-OS disabled tcp timestamps

Josh Morris
Level 3

Does anyone know the NX-OS equivalent of the IOS command 'no ip tcp timestamp'? This would be to disable tcp timestamps so an attacker cannot gather system uptime.

Thanks.

3 Replies

Marvin Rhoads
Hall of Fame

I don't believe it can be disabled.

As you've noted, the command is not available in NX-OS. Furthermore, there doesn't appear to be any equivalent recommended in Cisco's guide to securing NX-OS. One can only assume that Cisco does not consider it to be a vulnerability.

I checked by scanning a Nexus 5548UP just now (with the latest NX-OS 5.2(1)N1 installed) and nmap was able to get a close estimate of the actual system uptime (varied by a couple of days from that reported from the device's CLI).

If Cisco does not consider it a vulnerability, and there is a chance that the device can be exploited by knowing the system time, then why doesn't Cisco do anything about it?

Our scanner is also reporting the same TCP timestamp response vulnerability. Someone please provide us with a solution for it.

SunnySingh88890
Level 1

Our scanner detected a TCP timestamp response vulnerability on a Nexus 7K running 8.4(3) code, yet Cisco stated the switch is not affected by it. Nor did they provide any evidence of whether the switch is affected or not.

Anyone found workarounds? Please share!!


Thanks,

Sunny
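
Added example, not part of the thread and not Cisco's or any scanner's code: a way to confirm a "TCP timestamp response" finding from your own packet capture by parsing the RFC 7323 Timestamps option (kind 8) out of a raw TCP header and reproducing the uptime estimate from two samples. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

def tcp_timestamp(tcp_header: bytes):
    """Return (TSval, TSecr) from a raw TCP header, or None if option 8 is absent."""
    data_offset = (tcp_header[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("truncated or malformed TCP header")
    opts, i = tcp_header[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # End of Option List
            break
        if kind == 1:                                # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing its length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 8 and length == 10:               # Timestamps option
            return struct.unpack("!II", opts[i + 2:i + 10])
        i += length
    return None

def estimate_uptime(t1, tsval1, t2, tsval2):
    """Infer tick rate (Hz) and uptime (s) from two (capture time, TSval) samples.
    Assumes the counter started near zero at boot and has not wrapped since."""
    ticks = (tsval2 - tsval1) % 2**32                # tolerate one wrap between samples
    hz = ticks / (t2 - t1)
    return hz, tsval2 / hz

def sample_header(tsval, with_ts=True):
    """Constructed SYN-ACK header (ports 22 -> 40000) used as sample input."""
    opts = b"\x02\x04\x05\xb4"                       # MSS 1460
    if with_ts:
        opts += b"\x01\x01\x08\x0a" + struct.pack("!II", tsval, 0)
    off = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 22, 40000, 1, 1, off << 4, 0x12, 65535, 0, 0) + opts

if __name__ == "__main__":
    a = tcp_timestamp(sample_header(864_000_000))    # captured at t = 0 s
    b = tcp_timestamp(sample_header(864_010_000))    # captured at t = 10 s
    hz, uptime = estimate_uptime(0.0, a[0], 10.0, b[0])
    print(f"tick rate {hz:.0f} Hz, estimated uptime {uptime / 86400:.1f} days")
    print("no timestamps:", tcp_timestamp(sample_header(0, with_ts=False)))
```

If `tcp_timestamp` returns `None` for the device's SYN-ACK, the option is not being sent and the finding does not apply. The uptime figure is only as good as the inferred tick rate and is meaningless on stacks that add a random per-connection offset to TSval.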
