Disable TCP timestamp

Vijay K R 6 Reputation points
2020-12-19T11:47:48.47+00:00

Hi,

we are looking for solution to disable the TCP timestamp in Windows server 2012. Reason its vulnerability in security report.

I have run following the command

netsh int tcp set global timestamps=disabled

But still nmap I’m able to see the uptime of the servers. Please let me know is there way to remediate the findings and also whether it leads to performance degradation of the server

Regards
Vijay

Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
{count} vote

2 answers

Sort by: Most helpful
  1. Anonymous
    2020-12-21T08:02:34.5+00:00

    Hi,

    Thanks for posting in Q&A platform.

    TCP timestamps are used to improve performance as well as protect against late packets messing up your data flow. If you disable TCP timestamps you should expect worse performance and less reliable connections. This is the case regardless of the method used to disable TCP timestamps.

    Any modifications made to packets by a middlebox can cause additional problems, because TCP endpoints are not required to take such modifications into account.

    TCP timestamps are required to grow monotonically over time. Thus they are necessarily predictable.

    So in general, it is not recommended to disable TCP timestamp option. For more detailed information, please refer to the RFC below:

    TCP Extensions for High Performance

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

  2. wolski88 1 Reputation point
    2020-12-22T14:47:47.34+00:00

    Thank you, it helped me a lot to protect my server and website from attacks

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.