SRX

 View Only
last person joined: 17 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  TCP Timestamps

    Posted 02-01-2021 23:11
    Hi,

    I've been looking at the results of a security audit, and one of the low-risk problems is that our SRX responded with a TCP timestamp, and the audit was able to determine the system's boot time.
    They have the recommended config for a Cisco router (no ip tcp timestamp).

    Is there an equivalent command for Junos? Or is there some other way to remediate this issue?

    Thanks


  • 2.  RE: TCP Timestamps
    Best Answer

     
    Posted 02-02-2021 03:41
    Hi,

    I suppose "set system internet-options no-tcp-rfc1323" would do that. But I have no practical experience so can't commend on caveats.

    Regards

    Ulf


  • 3.  RE: TCP Timestamps

    Posted 02-02-2021 15:54
    Thanks, I'll look further into this


  • 4.  RE: TCP Timestamps

    Posted 02-01-2024 09:27

    Hello Luke, were you able to mitigate this vulnerability?  if yes, what did you do?



    ------------------------------
    RAHUL NANGARE
    ------------------------------