Security Metrics may claim that enabled timestamps represent a security vulnerability. In there opinion, knowledge of how long your server has been running is a valuable target.

In the modern era of virtualized servers, content delivery networks and proxied load balancers ClearCenter does not see this as relevant, important, significant or risky.

Please note that there is no CVE associated with this issue nor is there any specific reference to any regulatory requirement to NOT have TCP Timestamps. Additionally, disabling TCP timestamps can adversely affect performance.

Timestamps do not present a security vulnerability.

Timestamps are essential for optimal performance and do not indicate a specific risk. Moreover, the information associated with timestamps is not an accurate predictor of how long the server has been running but rather how long the network service has been running (i.e. they can be reset by restarting the network service at any time).

Since such information is arbitrary and not predictive and does not represent a specific risk, there is nothing to be done. Moreover, removal will adversely affect performance which will cannot tolerate.

If adverse performance is an acceptable trade-off for removing TCP Timestamps, perform the following:

First, modify the /etc/sysctl.conf file using your favorite command line editor (e.g. nano, vi, or emacs). Add the following line:

net.ipv4.tcp_timestamps = 0

Restart the network service:

service network restart

or you can also reboot the server.

• RFC1323