Re: [swinog] TCP timestamps

2016-03-10 Thread Andreas Fink
> On 11 Mar 2016, at 01:33, Roger wrote:
>
> Hi Swinogers
> well maybe the same experts were asked for an expertise from AVM for the
> new Firmware upgrade on the router products these days.
> They proudly announced to have a Stealthmode implemented, which of course is
> just

Re: [swinog] TCP timestamps

2016-03-10 Thread Roger
Hi Swinogers
well maybe the same experts were asked for an expertise from AVM for the new Firmware upgrade on the router products these days. They proudly announced to have a Stealthmode implemented, which of course is just a drop of ICMP Requests, which users find Evil because someone told

Re: [swinog] TCP timestamps

2016-03-10 Thread Viktor Steinmann
Dear André
Ignore this crap. Really. We do 1-2 external security audits per year and I’ve seen incredible crap in those reports. My favorites are things like “Hostname mail.domain.com suggests this is a mail server. Consider changing it to something not so obvious.” and a few lines

Re: [swinog] TCP timestamps

2016-03-10 Thread Vincent Bernat
❦ 10 March 2016 17:12 +0100, Andre Keller:
> in the last few months we had several security audits and all of them
> proposed to disable tcp timestamps. (i.e. on Linux
> net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp
> relies on this and there might be

Re: [swinog] TCP timestamps

2016-03-10 Thread Jeroen Massar
On 2016-03-10 17:12, Andre Keller wrote:
> Dear fellow SwiNOGers,
>
> in the last few months we had several security audits and all of them
> proposed to disable tcp timestamps.
Did they also state why? :)
> (i.e. on Linux
> net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp
>