Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Photon operating system must send TCP timestamps.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239184 | PHTN-67-000113 | SV-239184r675360_rule | Medium |
| Description |
|---|
| TCP timestamps are used to provide protection against wrapped sequence numbers. It is possible to calculate system uptime (and boot time) by analyzing TCP timestamps. These calculated uptimes can help a bad actor in determining likely patch levels for vulnerabilities. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42395r675358_chk ) |
|---|
| At the command line, execute the following command: # /sbin/sysctl -a --pattern "net.ipv4.tcp_timestamps$" Expected result: net.ipv4.tcp_timestamps = 1 If the output does not match the expected result, this is a finding. |
| Fix Text (F-42354r675359_fix) |
|---|
| At the command line, execute the following commands: # sed -i -e "/^net.ipv4.tcp_timestamps/d" /etc/sysctl.conf # echo net.ipv4.tcp_timestamps=1>>/etc/sysctl.conf |