TCP timestamps security vulnerabilities

BrianEschen
Level 1

On my ASA 5520 with version 9.1(2)8 I am getting a warning about tcp timestamps when running the external security scan. 

"It was detected that the host implements RFC1323"

Solution = Disable TCP timestamps

Please correct me if I am wrong, but from what I can tell the security issues in RFC1323 have been fixed by RFC1948, and that has been obsoleted by RFC6528. But RFC1323 has been obsoleted by RFC7323, though RFC7323 was just released this September.

What should I do to eliminate my risk? Can I configure something on the ASA to use RFC1948 or 6528? Do I just have to disable TCP timestamps altogether?

I found this page on clearing TCP timestamps, but that disables PAWS.

Thanks for any advice.

2 Replies

Vibhor Amrodia
Cisco Employee

Hi,

You would have to disable the timestamp to check for this RFC1323.

Check this for how to do it on the ASA device:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/conns_connlimits.html

Also check this for more information:

http://stackoverflow.com/questions/7880383/what-benefit-is-conferred-by-tcp-timestamp

Thanks and Regards,

Vibhor Amrodia
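As an added illustration (not part of the reply or the linked Cisco guide), this is the tcp-map / service-policy sequence the ASA connection-settings guide describes for clearing the TCP timestamp option; the names tmap-no-ts, cmap-outside and pmap-outside are placeholders, and the outside interface name is assumed:

```text
! Placeholder names; adjust to the existing policy on your ASA.
! Define a TCP map that strips the timestamp option (RFC1323 / RFC7323)
! from connections the ASA normalizer handles. As the question notes,
! clearing it also removes PAWS and RTT measurement for those flows.
tcp-map tmap-no-ts
 tcp-options timestamp clear
!
! Match the traffic the external scan reaches; 'match any' is broad,
! an access-list match would narrow it to the scanned services.
class-map cmap-outside
 match any
!
policy-map pmap-outside
 class cmap-outside
  set connection advanced-options tmap-no-ts
!
! Apply on the interface facing the scanner rather than globally
service-policy pmap-outside interface outside
!
! Verify the map is in the running config and the policy is attached
show running-config tcp-map
show service-policy interface outside
```

The normalizer acts on traffic passing through the ASA, so confirm whether the scanner's finding refers to through traffic or to the ASA's own management services before treating this as the fix. An interface can carry only one service policy, so if one is already applied, add the class to that policy instead of creating a second one.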

I have done some more reading and found a couple of things about TCP Normalization and Randomization that can be configured on the ASA. Does anyone have any experience with that? Maybe it will help?
