The firewall defend tcp-timestamp command sets the action taken on TCP packets whose Options field carries the Timestamps option (option kind 8).
The undo firewall defend tcp-timestamp command restores the default action.
| Parameter | Description | Value |
|---|---|---|
| block | Drops TCP packets that carry the Timestamps option. | - |
| clear | Forwards the packet but removes the Timestamps option from it. | - |
| allow | Forwards the packet with the Timestamps option intact (the default). | - |
By default, TCP packets whose Options field carries the Timestamps option are allowed.
RFC 1323 (since obsoleted by RFC 7323) defines TCP extensions for high-performance paths, including the Timestamps option, round-trip time measurement (RTTM) based on that option, and Protection Against Wrapped Sequence numbers (PAWS). PAWS uses the Timestamps option to reject old duplicate segments from the same connection: the receiver records the timestamp value (TSval) of the last in-window segment it accepted as TS.Recent and discards any later segment whose TSval is older than that stored value. Without it, a sequence number can wrap within the maximum segment lifetime on a fast enough path, and an old segment could be mistaken for new data.
An attacker who can send segments to an existing connection on a host with a vulnerable TCP stack can forge a large number of segments that carry a very large TSval. The vulnerable stack updates its stored timestamp (TS.Recent) from these segments without first checking that they fall inside the receive window, so the forged value becomes the connection's reference timestamp. Every subsequent legitimate segment from the peer then carries a TSval smaller than the stored one; PAWS treats those segments as old duplicates and discards them, and the connection stalls. The result is a denial of service (DoS) against that connection.
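The following is an added example, not code from the page or from any vendor's TCP stack: a minimal model of the PAWS receiver rules of RFC 7323 section 5.3, replayed once with a stack that updates TS.Recent before the window check (the vulnerable behaviour described above) and once with a stack that rejects out-of-window segments first. Sequence numbers, window size and timestamps are constructed; sequence-number wrap-around is ignored for brevity, while timestamps are compared modulo 2**32 as the RFC requires.

```python
# Added example (not vendor code): model of the RFC 7323 PAWS receiver rules,
# showing how one out-of-window segment with a huge TSval poisons TS.Recent on
# a stack that does not check the window first. All values are constructed.
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int      # SEG.SEQ
    length: int   # payload length in bytes (>= 1 in this model)
    tsval: int    # TSval carried in the Timestamps option, modulo 2**32


def ts_older(a: int, b: int) -> bool:
    """True if timestamp a is before b in modular 32-bit arithmetic,
    i.e. (a - b) read as a signed 32-bit integer is negative."""
    return ((a - b) & 0xFFFFFFFF) >= 0x80000000


@dataclass
class Receiver:
    rcv_nxt: int
    rcv_wnd: int
    check_window_first: bool   # True: window check (R2) before TS.Recent update (R3)
    ts_recent: int = 0
    accepted: list = field(default_factory=list)

    def in_window(self, seg: Segment) -> bool:
        lo, hi = self.rcv_nxt, self.rcv_nxt + self.rcv_wnd
        last = seg.seq + seg.length - 1
        return lo <= seg.seq < hi or lo <= last < hi

    def receive(self, seg: Segment) -> str:
        # R1: a segment whose TSval is older than TS.Recent is an old duplicate.
        if ts_older(seg.tsval, self.ts_recent):
            return "paws-drop"
        in_win = self.in_window(seg)
        # R2: a hardened stack rejects out-of-window segments before touching TS.Recent.
        if self.check_window_first and not in_win:
            return "seq-drop"
        # R3: record TSval if the segment starts at or before the left window edge.
        # A stack that reaches this point with an out-of-window segment is the
        # vulnerable one: a forged segment can poison its TS.Recent.
        if seg.seq <= self.rcv_nxt:
            self.ts_recent = seg.tsval
        if not in_win:
            return "seq-drop"
        self.accepted.append(seg)
        self.rcv_nxt = seg.seq + seg.length
        return "accept"


def simulate(check_window_first: bool) -> dict:
    """Replay a constructed exchange: three valid segments, one forged segment
    from outside the window with an enormous TSval, then two more valid ones."""
    rx = Receiver(rcv_nxt=100_000, rcv_wnd=65_535, check_window_first=check_window_first)
    peer = [Segment(100_000, 100, 500), Segment(100_100, 100, 510), Segment(100_200, 100, 520)]
    forged = Segment(95_000, 1, 520 + 2**30)   # below the left edge, TSval far in the future
    later = [Segment(100_300, 100, 530), Segment(100_400, 100, 540)]
    results = [rx.receive(s) for s in peer + [forged] + later]
    return {"results": results, "accepted": len(rx.accepted), "ts_recent": rx.ts_recent}


if __name__ == "__main__":
    for hardened in (False, True):
        label = "window check first" if hardened else "TS.Recent updated first"
        print(label, simulate(hardened))
```

With the vulnerable ordering the forged segment is itself dropped as out of window, but its TSval has already been stored, so both later segments from the real peer fail the PAWS test; with the window check first the forged segment never touches TS.Recent and the exchange completes.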
In this case, run the firewall defend tcp-timestamp { block | clear } command to drop TCP packets whose Options field carries the Timestamps option, or to forward them with the Timestamps option removed.
Clearing the Timestamps option disables RTTM and PAWS for every connection that passes through the device, because neither endpoint sees the option any more. Blocking is more disruptive: a stack that negotiates the option sends it in its SYN, so those connections fail outright rather than degrading. Both settings are a mitigation on the firewall for a weakness in the host's TCP stack; patching the affected host remains the fix.
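What the clear action does to a segment, as an added example in Python rather than the device's own implementation: the Timestamps option (kind 8, length 10) is overwritten in place with NOPs so the data offset and every other field stay where they are, and the TCP checksum is recomputed over the IPv4 pseudo-header. The SYN, ports and addresses (RFC 5737 documentation ranges) are constructed for the example; the `parse_options` check at the end shows that the MSS, SACK-permitted and window-scale options survive while the Timestamps option is gone.

```python
# Added example (not vendor code): strip the TCP Timestamps option from a
# constructed IPv4 SYN the way a "clear" middlebox action does, then fix the
# checksum. Addresses and ports are constructed.
import struct
from ipaddress import IPv4Address

SRC, DST = "192.0.2.10", "198.51.100.20"   # constructed endpoints


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum of data, padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return IPv4Address(src).packed + IPv4Address(dst).packed + struct.pack("!BBH", 0, 6, tcp_len)


def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return inet_checksum(pseudo_header(src, dst, len(segment)) + zeroed)


def tcp_checksum_valid(src: str, dst: str, segment: bytes) -> bool:
    # Checksumming the segment with its checksum field included must give 0.
    return inet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0


def parse_options(opts: bytes) -> list:
    """Return [(kind, body)] for an option list; EOL ends it, NOP has no body."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            out.append((1, b""))
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out


def has_timestamps(segment: bytes) -> bool:
    doff = (segment[12] >> 4) * 4
    return any(kind == 8 for kind, _ in parse_options(segment[20:doff]))


def clear_timestamps(src: str, dst: str, segment: bytes) -> bytes:
    """Copy of segment with each Timestamps option replaced by ten NOPs and the checksum recomputed."""
    doff = (segment[12] >> 4) * 4
    if doff < 20 or doff > len(segment):
        raise ValueError("bad data offset")
    opts = bytearray(segment[20:doff])
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 8 and length == 10:
            opts[i:i + 10] = b"\x01" * 10   # overwrite in place; header length unchanged
        i += length
    new = bytearray(segment[:20]) + opts + bytearray(segment[doff:])
    new[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(new)))
    return bytes(new)


def build_syn(src_port: int, dst_port: int, seq: int, tsval: int) -> bytes:
    """Constructed SYN carrying MSS, SACK-permitted, Timestamps, NOP and window-scale options."""
    opts = (b"\x02\x04\x05\xb4"                            # MSS 1460
            + b"\x04\x02"                                   # SACK permitted
            + b"\x08\x0a" + struct.pack("!II", tsval, 0)    # Timestamps: TSval, TSecr
            + b"\x01"                                       # NOP padding
            + b"\x03\x03\x07")                              # window scale 7
    doff = (20 + len(opts)) // 4
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, doff << 4, 0x02, 65535, 0, 0)
    seg = header + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(SRC, DST, seg)) + seg[18:]


SAMPLE_SYN = build_syn(40000, 443, 123456, tsval=0x7FFFFFFF)
CLEARED = clear_timestamps(SRC, DST, SAMPLE_SYN)

if __name__ == "__main__":
    print("before:", parse_options(SAMPLE_SYN[20:40]))
    print("after: ", parse_options(CLEARED[20:40]))
    print("checksum valid after clearing:", tcp_checksum_valid(SRC, DST, CLEARED))
```

Overwriting with NOPs rather than deleting the option keeps the segment length and data offset unchanged, so no payload moves and the IP length field needs no update; the only field that must be rewritten is the TCP checksum.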