Re: [swinog] TCP timestamps

2016-03-11 Thread Andreas Fink
> On 11 Mar 2016, at 11:40, Robert Meyer wrote: > > Hi, > >> Furthermore ICMP is _mandatory_ for MTU path discovery to work. So be ready >> for all kinds of non-functioning stuff if you transfer larger packets than >> the MTU somewhere in the middle (such as trying to

Re: [swinog] TCP timestamps

2016-03-11 Thread Robert Meyer
Hi, > Furthermore ICMP is _mandatory_ for MTU path discovery to work. So be ready > for all kinds of non-functioning stuff if you transfer larger packets than the > MTU somewhere in the middle (such as trying to squeeze a 1500 byte ethernet > packet into an IPSec tunnel with a MTU around 1426).

Re: [swinog] TCP timestamps

2016-03-10 Thread Andreas Fink
> On 11 Mar 2016, at 01:33, Roger wrote: > > Hi Swinogers > well maybe the same experts were asked for an expertise from AVM for the > new Firmware upgrade on the router products these days. > They proudly announced to have a Stealthmode implemented, which of course is > just

Re: [swinog] TCP timestamps

2016-03-10 Thread Roger
Hi Swinogers well maybe the same experts were asked for an expertise from AVM for the new Firmware upgrade on the router products these days. They proudly announced to have a Stealthmode implemented, which of course is just a drop of ICMP Requests, which users find Evil because someone told

Re: [swinog] TCP timestamps

2016-03-10 Thread Viktor Steinmann
nog.ch [mailto:swinog-boun...@lists.swinog.ch] On behalf of Andre Keller Sent: Thursday, 10 March 2016 17:12 To: swinog@lists.swinog.ch Subject: [swinog] TCP timestamps Dear fellow SwiNOGers, in the last few months we had several security audits and all of them proposed to disable tcp time

Re: [swinog] TCP timestamps

2016-03-10 Thread Vincent Bernat
❦ 10 March 2016 17:12 +0100, Andre Keller: > in the last few months we had several security audits and all of them > proposed to disable tcp timestamps. (i.e. on Linux > net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp > relies on this and there might be

Re: [swinog] TCP timestamps

2016-03-10 Thread Jeroen Massar
On 2016-03-10 17:12, Andre Keller wrote: > Dear fellow SwiNOGers, > > in the last few months we had several security audits and all of them > proposed to disable tcp timestamps. Did they also state why? :) > (i.e. on Linux > net.ipv4.tcp_timestamps=0). AFAIK roundtrip time calculation in tcp >