Re: [Tails-dev] ICMP timestamps [Was: [review'n'merge:1.2] f…

このメッセージを削除

このメッセージに返信
著者: intrigeri
日付:  
To: The Tails public development discussion list
古いトピック: Re: [Tails-dev] [review'n'merge:1.2] feature/6579-disable-tcp-timestamps [Was: Risks of enabled/disabled TCP timestamps?]
題目: Re: [Tails-dev] ICMP timestamps [Was: [review'n'merge:1.2] feature/6579-disable-tcp-timestamps]
Hi,

[Forking another, dedicated sub-thread, since that's not about TCP
timestamps apparently.]

Patrick Schleizer wrote (31 Jul 2014 19:54:54 GMT) :
> http://www.tmltechnologies.com/html-2012/index.php/linux-rescue-kits/82-secret/91-disable-tcp-timestamps-on-linux
> recommends:


>> To be on the safe side, add the following 2 lines to your firewall script:


>> iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
>> iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP


> What do you think?


This seems to be another kind of timestamp, not TCP ones.

The command-line above seems to imply that there's some kind of ICMP
timestamp request, and the corresponding reply. Given we're already
blocking ICMP on the INPUT chain, I doubt it that adding these rules
would have any practical effect in Tails, apart of making our code
more complicated to understand, audit, and hack on. But I didn't look
deeper at it.

Any more educated opinion?

Cheers,
--
intrigeri