[ https://issues.apache.org/jira/browse/CLOUDSTACK-5243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Kinsella updated CLOUDSTACK-5243:
--------------------------------------

    Description: 
Scanners report SSVM responded with a TCP timestamp and that “the TCP timestamp 
response can be used to approximate the remote host's uptime, potentially 
aiding in further attacks. Additionally, some operating systems can be 
fingerprinted based on the behavior of their TCP timestamps.”  The fix is 
straightforward:

Set the value of net.ipv4.tcp_timestamps to 0 by running the following command:
sysctl -w net.ipv4.tcp_timestamps=0
Additionally, put the following value in the default sysctl configuration file, 
generally sysctl.conf:
net.ipv4.tcp_timestamps=0


Identified by: Demetrius Tsitrelis from Citrix 

  was:
Scanners report SSVM responded with a TCP timestamp and that “the TCP timestamp 
response can be used to approximate the remote host's uptime, potentially 
aiding in further attacks. Additionally, some operating systems can be 
fingerprinted based on the behavior of their TCP timestamps.”  The fix is 
straightforward:

Identified by: Demetrius Tsitrelis from Citrix 


> SSVM responds with timestamp
> ----------------------------
>
>                 Key: CLOUDSTACK-5243
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5243
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>    Affects Versions: 4.2.0
>            Reporter: John Kinsella
>              Labels: security
>             Fix For: 4.3.0
>
>
> Scanners report SSVM responded with a TCP timestamp and that “the TCP 
> timestamp response can be used to approximate the remote host's uptime, 
> potentially aiding in further attacks. Additionally, some operating systems 
> can be fingerprinted based on the behavior of their TCP timestamps.”  The fix 
> is straightforward:
> Set the value of net.ipv4.tcp_timestamps to 0 by running the following 
> command:
> sysctl -w net.ipv4.tcp_timestamps=0
> Additionally, put the following value in the default sysctl configuration 
> file, generally sysctl.conf:
> net.ipv4.tcp_timestamps=0
> Identified by: Demetrius Tsitrelis from Citrix 



--
This message was sent by Atlassian JIRA
(v6.1#6144)
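
The fix in the description has two parts, a runtime change and a persistent one, and a host is only fixed when both hold. The following is an added example, not part of the original issue or of CloudStack's code: it checks both parts. The function names are hypothetical, and the caller is assumed to pass the sysctl configuration files in the order the system loads them.

```shell
#!/bin/sh
# Added example: audit that net.ipv4.tcp_timestamps is disabled both at
# runtime and in the persistent sysctl configuration.

# Print the last value assigned to net.ipv4.tcp_timestamps across the given
# sysctl.conf-style files (later files and later lines win), or "unset".
persistent_tcp_timestamps() {
    awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a key = value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/\//, ".", key)            # sysctl also accepts slash-separated keys
            if (key == "net.ipv4.tcp_timestamps") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$@" </dev/null
}

# Return 0 only if the runtime value (read from the file in $1, normally
# /proc/sys/net/ipv4/tcp_timestamps) and the persistent value are both 0.
# A host fixed only with "sysctl -w" fails this check, because the setting
# would be lost at the next reboot.
audit_tcp_timestamps() {
    runtime_file=$1
    shift
    runtime=$(cat "$runtime_file" 2>/dev/null || echo unknown)
    persistent=$(persistent_tcp_timestamps "$@")
    echo "runtime=$runtime persistent=$persistent"
    [ "$runtime" = "0" ] && [ "$persistent" = "0" ]
}

# Typical call on the system VM (paths are the usual Linux defaults):
#   audit_tcp_timestamps /proc/sys/net/ipv4/tcp_timestamps /etc/sysctl.conf
```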
