TCP timestamps on some (but not all?) of our CentOS hosts are being reported as a vulnerability by OSSIM. I have looked into the matter briefly and cannot say that I consider this a serious security issue.
The vulnerability seems limited to determining the uptime of the target host. The question therefore arises as to whether or not there is any way to reset the TCP timestamp present value to zero or some randomly determined value. If not, then what are the technical impediments?
I am cognisant of the role of TCP timestamps in handling serial number rollovers. However, since the timestamp itself also must roll over, given sufficient uptime (~288 days, I believe I read), what prevents one from manually forcing that event? Is there such a means provided in CentOS 6?