https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/385022#M90097 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/131110">@Mohammed_Yasin</a> ,</P> <P>&nbsp;</P> <P>I'm pretty sure you won't be able to do this unless you root into the device and edit some config-file.</P> <P>I'd recommend reaching out to support with your findings of the vulnerability assessment.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 10 Feb 2021 10:14:04 GMT kiwi 2021-02-10T10:14:04Z https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/384942#M90092 <P><FONT face="arial,helvetica,sans-serif" size="3">In my case, the team is performing a vulnerability assessment on PA820</FONT></P><P><FONT face="arial,helvetica,sans-serif" size="3"><STRONG>Vulnerability Title:</STRONG><SPAN>&nbsp;</SPAN>TCP timestamp response.</FONT></P><P><FONT face="arial,helvetica,sans-serif" size="3"><STRONG>Description:</STRONG><SPAN>&nbsp;</SPAN>The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps.</FONT></P><P>&nbsp;</P><P><FONT face="arial,helvetica,sans-serif" size="3">The scanning was running to the MGMT IP,</FONT></P><P>&nbsp;</P><P><STRONG>How to disable the timestamp response.</STRONG></P> Wed, 10 Feb 2021 06:37:38 GMT https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/384942#M90092 Mohammed_Yasin 2021-02-10T06:37:38Z https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/385022#M90097 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/131110">@Mohammed_Yasin</a> ,</P> <P>&nbsp;</P> <P>I'm pretty sure you won't be able to do this unless you root into the device and edit some config-file.</P> <P>I'd recommend reaching out to support with your findings of the vulnerability assessment.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 10 Feb 2021 10:14:04 GMT https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/385022#M90097 kiwi 2021-02-10T10:14:04Z https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/405561#M92023 <P>The answer to this is found here:<BR /><A href="https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/tcp-timestamp-response-on-mgmnt-ip/td-p/384943" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/tcp-timestamp-response-on-mgmnt-ip/td-p/384943</A></P><P>User&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/34186">@mivaldi</a>&nbsp; explains this topic and what can be done.</P><P>&nbsp;</P><P>Also found this option as well:<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFZCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFZCA0</A></P> Fri, 07 May 2021 19:39:10 GMT https://live.paloaltonetworks.com/t5/general-topics/tcp-timestamp-response-during-the-vulnerability-assessment/m-p/405561#M92023 DaBone 2021-05-07T19:39:10Z