TCP timestamps are time markers that the gateway transmits when a client initiates a TCP connection. They are considered non-essential, but they allow optimizations that can bring improvements in specific scenarios.
However, in certain situations these timestamps can be exploited to gather information about the server (gateway). A common use is estimating the server's uptime, which helps attackers gauge how potential attacks could impact the system's longevity. In LORIX OS, this vulnerability is mitigated, as timestamps are initialized randomly.
Another potential misuse is deducing information about the system behind a specific endpoint. On embedded systems, however, such information is generally of little value compared with traditional server architectures.
Disabling TCP timestamps is advisable mainly to keep generic security systems from raising alerts about this potential low-level security vulnerability. Doing so avoids unnecessary alarms and strengthens the overall security posture.
To disable TCP timestamps, open a command line interface and run:
echo "net.ipv4.tcp_timestamps=0" | sudo tee -a /etc/sysctl.conf
Then, restart the gateway.
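A check to run after the restart, given here as an added example that is not part of the original page or of LORIX OS tooling. The function names are hypothetical, and it assumes a sysctl.conf-style file in which the last assignment of a key wins.

```shell
#!/bin/sh
# Added example: confirm TCP timestamps are off both persistently and at runtime.

# Print the value that wins for net.ipv4.tcp_timestamps in a sysctl.conf-style
# file. The last assignment wins, which matters because "tee -a" appends.
persisted_tcp_timestamps() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            line = $0
            gsub(/[ \t\r]/, "", line)           # "key = value" -> "key=value"
            sub(/^-/, "", line)                 # leading "-" means ignore errors
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            gsub("/", ".", key)                 # accept the net/ipv4/... form
            if (key == "net.ipv4.tcp_timestamps") val = substr(line, n + 1)
        }
        END { if (val == "") print "unset"; else print val }
    ' "$1"
}

# Return 0 only when the persisted and the running value are both 0.
# Kernel values: 0 = off, 1 = on with a random per-connection offset,
# 2 = on without the random offset.
check_tcp_timestamps() {
    conf=$1
    runtime=$2
    persisted=$(persisted_tcp_timestamps "$conf")
    running=$(cat "$runtime" 2>/dev/null || echo unknown)
    echo "persisted=$persisted running=$running"
    [ "$persisted" = "0" ] && [ "$running" = "0" ]
}

# Constructed sample: the line from this page is present, but a later
# assignment re-enables timestamps, so the check must fail.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'net.ipv4.tcp_timestamps=0' \
        'net.ipv4.tcp_timestamps = 1' > "$tmp/sysctl.conf"
    echo 0 > "$tmp/runtime"
    check_tcp_timestamps "$tmp/sysctl.conf" "$tmp/runtime" ||
        echo "timestamps are NOT persistently disabled"
    rm -rf "$tmp"
}
demo
# On the gateway:
#   check_tcp_timestamps /etc/sysctl.conf /proc/sys/net/ipv4/tcp_timestamps
```

The check reads only the file it is given; drop-in files such as those under /etc/sysctl.d, if the system loads any, are not examined.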