Dear André
Ignore this crap. Really. We do 1-2 external security audits per year and I’ve seen incredible crap in those reports. My favorites are things like “Hostname mail.domain.com suggests this is a mail server. Consider changing it to something not so obvious.” and a few lines further down: “Detected open port 25 on server mail.domain.com. Attackers could abuse this knowledge. Consider changing the port to something else”, etc. The worst I ever encountered was that in the report they were complaining that there’s a firewall in place that blocks ports and/or certain ICMP types... :-O

During the last few years I’ve learned that these things are more or less unchanged output copy/pastes from automated hacking tools. If an audit company does not filter out such crap, you might as well consider changing your provider.

One more: “Server with IP x.x.x.x with DNS name www.domain.com responds to Port 80” (not mentioning that the only answer from Port 80 is a redirect to the respective https website).

If you need some recommendations, contact me off-list.

Kind regards,
Viktor

From: [email protected] [mailto:[email protected]] On behalf of Andre Keller
Sent: Thursday, 10 March 2016 17:12
To: [email protected]
Subject: [swinog] TCP timestamps

Dear fellow SwiNOGers,

in the last few months we had several security audits and all of them proposed to disable tcp timestamps. (i.e. on Linux net.ipv4.tcp_timestamps=0).

AFAIK roundtrip time calculation in tcp relies on this and there might be implications for PAWS (tcp sequence number wrapping).

What do you guys think about this?

Regards
André
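The PAWS concern raised in the original question, as an added example that is not part of the thread: a simplified Python model of the receive-side check from RFC 7323, showing that an old duplicate segment whose sequence number lands in the window again after a wrap is dropped only when timestamps are enabled. Function names and the sample connection and segments are constructed for illustration; the real check has further rules (for example, expiry of the stored timestamp on idle connections) that are left out here.

```python
# Added illustration: simplified PAWS model, not code from the thread.
MOD = 1 << 32  # TCP sequence numbers and timestamp values are 32-bit


def seq_wrap_seconds(bits_per_second):
    """Seconds needed to send 2**32 bytes, i.e. to wrap the sequence space."""
    return MOD * 8 / bits_per_second


def ts_before(a, b):
    """True if timestamp a is older than b, using modular 32-bit comparison."""
    return 0 < ((b - a) % MOD) < (MOD >> 1)


def in_window(seq, rcv_nxt, rcv_wnd):
    """Plain sequence-number acceptability test, with no timestamp knowledge."""
    return ((seq - rcv_nxt) % MOD) < rcv_wnd


def accept(seg, conn, timestamps):
    """Receive check: PAWS first (only if timestamps are on), then the window."""
    if timestamps and ts_before(seg["tsval"], conn["ts_recent"]):
        return False  # PAWS: segment is older than the last one accepted
    return in_window(seg["seq"], conn["rcv_nxt"], conn["rcv_wnd"])


# Constructed scenario: the connection has already sent more than 4 GiB, so
# sequence numbers around 1000 are in use for the second time.
CONN = {"rcv_nxt": 1000, "rcv_wnd": 65535, "ts_recent": 500_000}
OLD_DUPLICATE = {"seq": 1200, "tsval": 100_000}  # delayed, from before the wrap
CURRENT = {"seq": 1000, "tsval": 500_010}        # legitimate next segment

if __name__ == "__main__":
    for label, rate in (("1 Gbit/s", 1e9), ("10 Gbit/s", 1e10)):
        print(f"sequence space wraps in {seq_wrap_seconds(rate):.1f} s at {label}")
    for enabled in (True, False):
        print(f"timestamps={enabled}: "
              f"old duplicate accepted={accept(OLD_DUPLICATE, CONN, enabled)}, "
              f"current accepted={accept(CURRENT, CONN, enabled)}")
```

The wrap times are the point to weigh against the audit recommendation: the faster the link, the sooner a delayed duplicate can look valid to a receiver that has no timestamps to compare.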

