Hi,
[Forking another, dedicated sub-thread, since that's not about TCP
timestamps apparently.]
Patrick Schleizer wrote (31 Jul 2014 19:54:54 GMT) :
> http://www.tmltechnologies.com/html-2012/index.php/linux-rescue-kits/82-secret/91-disable-tcp-timestamps-on-linux
> recommends:
>> To be on the safe side, add the following 2 lines to your firewall script:
>> iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
>> iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP
> What do you think?
This seems to be another kind of timestamp, not TCP ones.
The command-line above seems to imply that there's some kind of ICMP
timestamp request, and the corresponding reply. Given we're already
blocking ICMP on the INPUT chain, I doubt it that adding these rules
would have any practical effect in Tails, apart of making our code
more complicated to understand, audit, and hack on. But I didn't look
deeper at it.
Any more educated opinion?
Cheers,
--
intrigeri
