TatianaE
Contributor

How to disable TCP timestamp on VMware ESXi 6.5 hypervisors

Hi!

We were conducting an internal security audit of our VMware ESXi 6.5 hypervisors and received a report on the security flaws and the measures needed to fix them. The report warned us that we have TCP timestamp enabled. We did not find any documentation on disabling TCP timestamp on VMware ESXi 6.5 hypervisors.

However, we've also read that TCP timestamping is important to TCP performance.

How to disable TCP timestamps on VMware ESXi 6.5 hypervisors?

What would you recommend in this case?

Thanks in advance.

Ank_S
Enthusiast

Hello,

Follow the steps below to disable TCP timestamps:

1) Check the status:

    vsish -e get /net/tcpip/instances/defaultTcpipStack/sysctl/_net_inet_tcp_rfc1323

2) If the output is "_net_inet_tcp_rfc1323=1", run the command below to set it to 0 (Disabled):

    vsish -e set /net/tcpip/instances/defaultTcpipStack/sysctl/_net_inet_tcp_rfc1323 0

3) Verify the value again and confirm it shows 0 (Disabled):

    vsish -e get /net/tcpip/instances/defaultTcpipStack/sysctl/_net_inet_tcp_rfc1323


PS: Mark kudos or Correct Answer as appropriate if it resolves.   

wokan82
Contributor

Good afternoon,

I have done this on an ESXi host (not connected to any vCenter), but after a short time/restart the value gets reset.

How can I make this value persistent and not be modified after a period of time/restart?

Thank you.

Google Translated 😉

continuum
Immortal

ESXi forgets commands like that over a restart.
Create a script that runs these commands after every boot.

________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

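A sketch of the boot-time script suggested in the last reply, as an added example that is not code from any poster in this thread: it re-applies the `vsish` setting from the steps above, verifies that it took effect, and logs the result. The function names and log tag are hypothetical, and it assumes the script is called from ESXi's boot hook `/etc/rc.local.d/local.sh` and that `vsish get` prints the value in the `name=value` form quoted above.

```sh
#!/bin/sh
# Added example (not from the thread): keep the rfc1323 node at 0 across reboots.
# Assumption: called from ESXi's boot hook /etc/rc.local.d/local.sh, before "exit 0".

NODE=/net/tcpip/instances/defaultTcpipStack/sysctl/_net_inet_tcp_rfc1323

log_msg() {
    # Use logger when available, otherwise write to stderr.
    logger -t tcp-rfc1323 "$1" 2>/dev/null || echo "tcp-rfc1323: $1" >&2
}

# Print the node's numeric value; fail if it cannot be read or parsed.
read_rfc1323() {
    out=$(vsish -e get "$NODE" 2>/dev/null) || return 1
    val=${out##*[!0-9]}    # trailing digits, e.g. "_net_inet_tcp_rfc1323=1" -> 1
    case $val in
        '') return 1 ;;
    esac
    printf '%s\n' "$val"
}

# Returns 0 if the node is 0 (already, or after setting it),
# 1 if it cannot be read, 2 if the set did not take effect.
ensure_rfc1323_off() {
    cur=$(read_rfc1323) || { log_msg "cannot read $NODE"; return 1; }
    if [ "$cur" = 0 ]; then
        log_msg "rfc1323 already 0"
        return 0
    fi
    vsish -e set "$NODE" 0 >/dev/null 2>&1 || log_msg "vsish set failed"
    new=$(read_rfc1323) || { log_msg "cannot re-read $NODE"; return 1; }
    if [ "$new" = 0 ]; then
        log_msg "rfc1323 changed $cur -> 0"
        return 0
    fi
    log_msg "rfc1323 still $new after set"
    return 2
}

# Act only where vsish exists, i.e. on the ESXi host itself.
if command -v vsish >/dev/null 2>&1; then
    ensure_rfc1323_off
fi
```

The node is named after RFC 1323, which defines both TCP timestamps and window scaling, so compare network throughput before and after the change, as the original question's performance concern suggests.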