12-18-2016 07:33 PM - edited 03-10-2019 06:44 AM
Hello Everyone,
I am using a Huawei firewall and the Windows Server 2012 R2 operating system in our environment. When we do vulnerability scanning through the Nexpose scanner, it shows a TCP timestamp vulnerability. When I try to disable it at the OS level, I cannot. The Huawei firewall also cannot solve the TCP timestamp vulnerability, so we wish to change the firewall to a Cisco ASA 5525X.
Before changing, can the Cisco firewall solve the TCP timestamp issue?
Thanks
Maruthu
12-21-2016 08:49 PM
Hi,
Do you have any vulnerability CVE ID? It will be very difficult to predict a solution with this info.
Although, for the RFC 1323 Timestamp leak, you can disable the timestamps. You will find the instructions below.

Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_tcpnorm.html

Remote service implements TCP timestamps
https://supportforums.cisco.com/discussion/11015136/remote-service-implements-tcp-timestamps
12-21-2016 09:53 PM
Hi Prasoon,
Thanks for the reply. I do not have any CVE ID, but we did vulnerability scanning through Rapid7 Nexpose. The vulnerability report says RFC 1323 timestamp.
12-21-2016 10:48 PM
Well, that's very generic. I guess the above two links should help you.
12-22-2016 12:51 AM
Please check if you add the Tcp1323Opts registry key as follows:
Key: Tcpip\Parameters
Value Type: REG_DWORD—number (flags)
Valid Range: 0 or 2
0 (disable the use of the TCP timestamps option)
2 (enable the use of the TCP timestamps option)
Default: No value.
Description: This value controls the use of the RFC 1323 TCP Timestamp option. The default behavior of the TCP/IP stack is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment.
For more information about TCP/IP Registry Values, you could access this link:
http://download.microsoft.com/download/c/2/6/c26893a6-46c7-4b5c-b287-830216597340/tcpip_reg.doc
Hope this helps.