Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add details on tcp_timestamps

Browse Source
This commit is contained in:
Raja Grewal 2024-08-09 14:21:59 +10:00
parent 3456f1c1d7
commit f8fa89b245
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -347,9 +347,14 @@ net.ipv6.conf.default.accept_ra=0
#net.ipv4.tcp_dsack=0
## Disable TCP timestamps to limit device fingerprinting via system time.
## Timestamps allows round-trip time measurement and protection against wrapped sequence numbers.
## Disabling timestamps on very fast links is likely to cause TCP Sequence Numbers to wrap.
## Segments with wrapped numbers will be incorrectly discarded, reducing network performance.
##
## https://datatracker.ietf.org/doc/html/rfc1323
## https://forums.whonix.org/t/do-ntp-and-tcp-timestamps-really-leak-your-local-time/7824
## https://web.archive.org/web/20170201160732/https://mailman.boum.org/pipermail/tails-dev/2013-December/004520.html
## https://access.redhat.com/sites/default/files/attachments/20150325_network_performance_tuning.pdf
##
net.ipv4.tcp_timestamps=0