Obtaining uptime information from TCP timestamps

2011-07-19T01:51:00
ID F5:K8072
Type f5
Reporter f5
Modified 2019-08-09T00:44:00

Description

BIG-IP system

Beginning in BIG-IP 12.1.4.1 for the 12.1.x branch only and beginning in BIG-IP 14.0.0, you can configure each TCP connection handled by the Traffic Management Microkernel (TMM) to start with a random timestamp to eliminate this information disclosure vulnerability. The behavior is controlled with the BigDB key tm.tcpsendrandomtimestamp, which is set to disabled by default.

BIG-IP system

Viewing the tm.tcpsendrandomtimestamp BigDB key setting

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the TMOS Shell (tmsh) by typing the following command:

tmsh

  2. To list the current setting, type the following command:

list /sys db tm.tcpsendrandomtimestamp

Changing the default tm.tcpsendrandomtimestamp BigDB key setting

Enabling this setting should prevent OS fingerprinting tools from obtaining uptime information from the BIG-IP system by way of a TMM interface. To enable the random timestamp setting, perform the following procedure.

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the TMOS Shell (tmsh) by typing the following command:

tmsh

  2. To change the BigDB key default value, use the following command syntax:

modify /sys db tm.tcpsendrandomtimestamp value enable
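
To confirm the effect of the setting from a packet capture, the following check compares the TCP timestamp values (TSval) seen on several connections. It is an added example, not F5 code: the function names are hypothetical, the sample captures are constructed, and the 1000 ticks-per-second rate is a property of the sample data, not a statement about TMM.

```python
# Added example: samples are constructed; function names are hypothetical.
from statistics import median

WRAP = 2**32  # the TCP timestamp value (TSval) is a 32-bit counter

def tick_rate(conn):
    """Ticks per second from the first and last (capture_time_s, tsval) pair."""
    (t0, v0), (t1, v1) = conn[0], conn[-1]
    return ((v1 - v0) % WRAP) / (t1 - t0)

def implied_uptime_s(conn, hz):
    """Seconds since the counter read zero, if it started at zero on boot."""
    return conn[0][1] / hz

def shares_clock_origin(connections, tolerance_s=5.0):
    """True when every connection implies the same counter start time,
    which is the condition under which uptime can be read from TSval."""
    hz = median(tick_rate(c) for c in connections)
    origins = [c[0][0] - implied_uptime_s(c, hz) for c in connections]
    return max(origins) - min(origins) <= tolerance_s

# Constructed captures: three connections, two packets each, 1000 ticks/s.
# BEFORE: one shared counter that started at zero at time 1_000_000.
BEFORE = [
    [(1_086_400.0, 86_400_000), (1_086_402.0, 86_402_000)],
    [(1_086_460.0, 86_460_000), (1_086_462.0, 86_462_000)],
    [(1_086_520.0, 86_520_000), (1_086_522.0, 86_522_000)],
]
# AFTER: each connection starts from its own random timestamp.
AFTER = [
    [(1_086_400.0, 3_141_592_653), (1_086_402.0, 3_141_594_653)],
    [(1_086_460.0, 271_828_182), (1_086_462.0, 271_830_182)],
    [(1_086_520.0, 1_618_033_988), (1_086_522.0, 1_618_035_988)],
]

if __name__ == "__main__":
    for label, conns in (("shared counter", BEFORE), ("random start", AFTER)):
        print(label, "-> uptime recoverable:", shares_clock_origin(conns))
```

With the shared counter every connection points to the same start time, so the first sample yields an uptime of 86400 seconds; with random starting timestamps the implied start times disagree and no uptime can be derived.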
