One Bad Pixel

Clearing TCP Timestamps on Cisco ASA

TCP Timestamps can be used to help a potential attacker identify the OS of the target system, as different operating systems update the timestamps in different but predictable ways. By analyzing multiple packets, its possible to determine the OS and use this information to better formulate an attack tailored towards the specific OS.
Even though TCP Timestamps are a LOW priority (informational) issue, occasionally clients demand it be fixed so that they can get a 100% clean bill of health on their security scans. It took me a bit to figure it out, but the following rules on a Cisco ASA should clear the TCP timestamps from all traffic going through the router.

tcp-map tmap
  timestamp  clear
access-list tcp-acl permit tcp any any
class-map tcp-class
  match access-l tcp-acl
policy-map pmap
  class ts-class
    set connection advanced-options tmap
service-policy pmap global

Leave a comment!