Block TCP timestamp in Windows Server 2012

    Question

  • Hi,

    We are looking for a solution to disable the TCP timestamp in Windows Server 2012. The reason is that it is listed as a vulnerability in a security report.

    thanks

    Faisal


    durranifaisal

    Tuesday, December 31, 2013 4:59 AM

Answers

  • Hi,

    In general, it is not recommended to disable the TCP timestamp option. For more detailed information, please refer to the RFC below:

    TCP Extensions for High Performance

    If you really wanted to disable it, please set the value of the following registry in the registry editor to be 0:

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts

    If that registry does not exist, please add it to see if it can disable the TCP timestamp option.

    Best regards,

    Susie


    • Marked as answer by faisal durrani Wednesday, January 1, 2014 5:43 AM
    Wednesday, January 1, 2014 3:28 AM
    Moderator
  • Thanks, we implemented it.

    durranifaisal

    • Marked as answer by faisal durrani Thursday, January 2, 2014 5:22 AM
    Wednesday, January 1, 2014 4:58 AM
  • We require the same advice on the following.

    How to block ICMP timestamp on Server 2008 R2.

    How to block ICMP timestamp on Server 2012.

    How to block TCP timestamp on Server 2008 R2.

    regards,

    Faisal


    durranifaisal

    • Marked as answer by faisal durrani Thursday, January 2, 2014 5:22 AM
    Wednesday, January 1, 2014 5:43 AM
  • Hi,

    Good to hear that.

    If you wanted to block TCP timestamp on Windows Server 2008 R2, you can also try the steps above to see if it works. Please note that it is not recommended to disable the TCP timestamp option.

    If you wanted to block ICMP timestamp, please run the command below at the command prompt:

    "netsh firewall set icmpsetting type = 13 mode = disable"

    For more information, please refer to the link below:

    Block and Unblock ICMP Messages

    Best regards,

    Susie

    • Marked as answer by faisal durrani Thursday, January 2, 2014 5:23 AM
    Thursday, January 2, 2014 3:02 AM
    Moderator

All replies

  • Thanks for the update. Kindly clear up one more thing: does it require that a firewall be turned on on the system/server?

    If Windows Firewall is off, what will be the impact?

    If Windows Firewall is on, what will be the impact?

    We are initiating this process due to security concerns; they are testing vulnerabilities and we need to disable that. It seems in their report that it is a vulnerability.

    regards,

    Faisal


    durranifaisal

    Thursday, January 2, 2014 5:27 AM
  • Hi,

    Sorry for replying so late.

    According to the article Block and Unblock ICMP Messages, the configuration applies to the scenario where Windows Firewall is turned on. If you turn off Windows Firewall, it cannot block ICMP messages. In addition, it is recommended to turn on Windows Firewall because of security concerns.

    Best regards,

    Susie

    Monday, January 20, 2014 9:32 AM
    Moderator
  • netsh firewall is deprecated on these OS's and you should use netsh advfirewall.

    netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block

    Actually used as an example here

    https://support.microsoft.com/en-us/kb/947709

    Thursday, March 3, 2016 3:14 PM
  • Does not appear to work with Windows Server 2012 - can anyone confirm it does or doesn't?
    Wednesday, August 3, 2016 9:51 PM
  • I have added HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts in the registry, set to 0, but the vulnerability scan is still showing timestamps. Is there any other way to disable the timestamp?
    Tuesday, August 23, 2016 4:39 AM
  • Have you restarted the server after the registry changes?
    Friday, March 3, 2017 5:55 AM
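
Added example, not part of any post in this thread: a read-only PowerShell audit that gathers in one place the settings the replies discuss (the Tcp1323Opts registry value, whether Windows Firewall is enabled per profile, and any enabled inbound block rule covering ICMPv4 type 13). The function name Get-TimestampHardeningState is hypothetical, and the script assumes the NetTCPIP and NetSecurity cmdlets shipped with Windows Server 2012 and later.

```powershell
# Added audit example; Get-TimestampHardeningState is a hypothetical name.
# It only reads state and changes nothing on the server.
function Get-TimestampHardeningState {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    # Tcp1323Opts is a bit field: bit 0 = window scaling, bit 1 = timestamps.
    $meaning = @{
        0 = 'window scaling off, timestamps off'
        1 = 'window scaling on, timestamps off'
        2 = 'window scaling off, timestamps on'
        3 = 'window scaling on, timestamps on'
    }
    $prop = Get-ItemProperty -Path $key -Name Tcp1323Opts -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $registry = 'Tcp1323Opts not present'
    } else {
        $v = [int]$prop.Tcp1323Opts
        $registry = "Tcp1323Opts=$v ($($meaning[$v]))"
    }

    # What the TCP stack itself reports for each setting template.
    $tcp = Get-NetTCPSetting | Select-Object SettingName, Timestamps

    # A block rule only takes effect on a profile whose firewall is enabled.
    $profiles = Get-NetFirewallProfile | Select-Object Name, Enabled

    # Enabled inbound block rules whose filter covers ICMPv4 type 13.
    $icmpRules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
            -ErrorAction SilentlyContinue |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'ICMPv4' -and ($f.IcmpType -match '^(13(:|$)|Any$)')
        } |
        Select-Object -ExpandProperty DisplayName

    [pscustomobject]@{
        Registry         = $registry
        TcpSettings      = $tcp
        FirewallProfiles = $profiles
        IcmpType13Blocks = @($icmpRules)
    }
}

Get-TimestampHardeningState | Format-List
```

Running it before and after a restart shows whether the registry value and the setting the stack reports agree, which is the question the last replies leave open.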