UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Photon operating system must send TCP timestamps.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239184 PHTN-67-000113 SV-239184r816674_rule Medium
Description
TCP timestamps are used to provide protection against wrapped sequence numbers. It is possible to calculate system uptime (and boot time) by analyzing TCP timestamps. These calculated uptimes can help a bad actor in determining likely patch levels for vulnerabilities.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42395r675358_chk )
At the command line, execute the following command:

# /sbin/sysctl -a --pattern "net.ipv4.tcp_timestamps$"

Expected result:

net.ipv4.tcp_timestamps = 1

If the output does not match the expected result, this is a finding.
Fix Text (F-42354r816673_fix)
Open /etc/sysctl.conf with a text editor.

Add or update the following line:

net.ipv4.tcp_timestamps = 1

Run the following command to load the new setting:

# /sbin/sysctl --load