How to disable windows server 2008 timestamp response

Posted by Cal on Server Fault See other posts from Server Fault or by Cal
Published on 2014-06-06T22:01:49Z Indexed on 2014/06/08 9:27 UTC
Read the original article Hit count: 1018

Posted this question on stackoverflow but then got instructed to post it here:

I was using Rapid7's Nexpose to scan one of our web servers (windows server 2008), and got a vulnerability for timestamp response.

According to Rapid7, timestamp response shall be disabled: http://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp

So far I have tried several things:

  1. Edit the registry, add a "Tcp1323Opts" key to HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, and set it to 0. http://technet.microsoft.com/en-us/library/cc938205.aspx

  2. Use this command: netsh int tcp set global timestamps=disabled

  3. Tried powershell command: Set-netTCPsetting -SettingName InternetCustom -Timestamps disabled (got error: Set-netTCPsetting : The term 'Set-netTCPsetting' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.) None of above attempts was successful, after re-scan we still got the same alert.

Rapid7 suggested using a firewall that's capable of blocking it, but we want to know if there is a setting on windows to achieve it.

Is it through a specific port? If yes, what is the port number? If not, could you suggest a 3rd party firewall that is capable of blocking it?

Thank you very much.

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about timestamp