10-10-2014 10:21 AM - edited 03-11-2019 09:54 PM
On my ASA 5520 with version 9.1(2)8 I am getting a warning about TCP timestamps when running the external security scan:
"It was detected that the host implements RFC1323"
Solution = Disable TCP timestamps
Please correct me if I am wrong, from what I can tell the security issues in RFC1323 have been fixed by RFC1948 and that has been obsoleted by RFC6528. But RFC1323 has been obsoleted by RFC7323, though RFC7323 was just released this September.
What should I do to eliminate my risk? Can I configure something on the ASA to use RFC1948 or 6528? Do I just have to disable TCP timestamps altogether?
I found this page on clearing TCP timestamps, but that disables PAWS.
Thanks for any advice.
10-10-2014 09:44 PM
Hi,
You would have to disable the timestamp to check for this RFC1323.
Check this on how to do it on the ASA device:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/conns_connlimits.html
Also check this for more information:
http://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp
Thanks and Regards,
Vibhor Amrodia
10-12-2014 08:47 PM
I have done some more reading and found a couple of things about TCP Normalization and Randomization that can be configured on the ASA. Does anyone have any experience with that? Maybe it will help?
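The earlier answer points at the ASA connection-limits guide for clearing the timestamp option, and the follow-up asks about TCP normalization and randomization. The fragment below is an added example, not configuration from either poster or from Cisco's guide: it uses the ASA Modular Policy Framework to attach a tcp-map that strips the TCP timestamp option from matched connections and enables initial sequence number randomization on them. The names `NO-TCP-TIMESTAMP`, `OUTSIDE-TCP`, `OUTSIDE-POLICY`, the access list, and the interface name `outside` are assumed for the example; substitute your own.

```text
! Added example (not from the thread): constructed ASA 9.1 configuration.
!
! 1. A tcp-map is the TCP normalizer profile. "tcp-options timestamp clear"
!    removes the timestamp option from SYN/SYN-ACK of matched connections,
!    which also disables PAWS and RTT measurement for those flows.
tcp-map NO-TCP-TIMESTAMP
  tcp-options timestamp clear
!
! 2. Select the traffic to normalize. Here: all TCP through the box
!    (assumed access-list and class-map names).
access-list OUTSIDE-INBOUND-TCP extended permit tcp any any
class-map OUTSIDE-TCP
  match access-list OUTSIDE-INBOUND-TCP
!
! 3. Bind the tcp-map to the class and (re)assert sequence number
!    randomization, which the ASA enables by default.
policy-map OUTSIDE-POLICY
  class OUTSIDE-TCP
    set connection advanced-options NO-TCP-TIMESTAMP
    set connection random-sequence-number enable
!
! 4. Apply the policy to the interface facing the scanner (assumed "outside").
service-policy OUTSIDE-POLICY interface outside
!
! Verify the policy is active and the tcp-map is referenced:
!   show running-config tcp-map
!   show service-policy interface outside
```

Two points to check before relying on this: the normalizer acts on traffic passing through the ASA, so if the scanner's finding is against a service the ASA itself answers on (for example a management port on the outside interface), through-traffic normalization will not change that response; and clearing timestamps for every flow trades away PAWS protection against wrapped sequence numbers on high-speed, long-lived connections, so scoping the class-map to the scanned hosts rather than `any any` limits that side effect.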