SRX

Expand all | Collapse all

TCP Timestamps

Jump to Best Answer
  • 1.  TCP Timestamps

    Posted 02-01-2021 23:11
    Hi,

    I've been looking at the results of a security audit, and one of the low-risk problems is that our SRX responded with a TCP timestamp, and the audit was able to determine the system's boot time.
    They have the recommended config for a Cisco router (no ip tcp timestamp).

    Is there an equivalent command for Junos? Or is there some other way to remediate this issue?

    Thanks


  • 2.  RE: TCP Timestamps
    Best Answer

     
    Posted 02-02-2021 03:41
    Hi,

    I suppose "set system internet-options no-tcp-rfc1323" would do that. But I have no practical experience so can't commend on caveats.

    Regards

    Ulf


  • 3.  RE: TCP Timestamps

    Posted 02-02-2021 15:54
    Thanks, I'll look further into this