Vulnerability test

[Julien]

Hi Guys,
today i've done a Vulnerability test toward the appliance.
the result comes back with TCP timestamps
i know the risk is low,the attacker need to know how long your system is on.
is this something we can get fixed ? or need some tunable tricks ?
thank you

[BeNe]

Please try to set the value of net.inet.tcp.rfc1323 to 0 by running the following command:

Code: [Select]

sysctl -w net.inet.tcp.rfc1323=0
Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf:

Code: [Select]

net.inet.tcp.rfc1323=0
Source --> https://pseudobsd.tumblr.com/post/87704883767/disabling-tcp-timestamp-response-on-freebsd

[Julien]

Please try to set the value of net.inet.tcp.rfc1323 to 0 by running the following command:

Code: [Select]

sysctl -w net.inet.tcp.rfc1323=0
Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf:

Code: [Select]

net.inet.tcp.rfc1323=0
Source --> https://pseudobsd.tumblr.com/post/87704883767/disabling-tcp-timestamp-response-on-freebsd

will this value be overwrite  after the updates ?

[Oxygen61]

will this value be overwrite  after the updates ?

probably, sadly.

If you find some time, can you check if it is enough to add net.inet.tcp.rfc1323=0
to the tunables in [System: Settings: Tunables] ?
This may work aswell and even survive any upcoming updates. Besides that i would recommend to write down all these tunables somewhere, in case an update wrecks all additional made settings.

[Julien]

will this value be overwrite  after the updates ?

probably, sadly.

If you find some time, can you check if it is enough to add net.inet.tcp.rfc1323=0
to the tunables in [System: Settings: Tunables] ?
This may work aswell and even survive any upcoming updates. Besides that i would recommend to write down all these tunables somewhere, in case an update wrecks all additional made settings.

Thank you for your answer.
after every changes we makes we take a backup.