Hi, [Forking another, dedicated sub-thread, since that's not about TCP timestamps apparently.]
Patrick Schleizer wrote (31 Jul 2014 19:54:54 GMT) : > http://www.tmltechnologies.com/html-2012/index.php/linux-rescue-kits/82-secret/91-disable-tcp-timestamps-on-linux > recommends: >> To be on the safe side, add the following 2 lines to your firewall script: >> iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP >> iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP > What do you think? This seems to be another kind of timestamp, not TCP ones. The command-line above seems to imply that there's some kind of ICMP timestamp request, and the corresponding reply. Given we're already blocking ICMP on the INPUT chain, I doubt it that adding these rules would have any practical effect in Tails, apart of making our code more complicated to understand, audit, and hack on. But I didn't look deeper at it. Any more educated opinion? Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
