asked on SBS 2011 Server and PCI compliance scans - TCP Timestamps
Hi,
Thank you for reading my question! I am trying to pass a PCI Compliance VA scan, but the whenever we scan the IP that has our mail server on, it comes back with TCP Timestamps enabled.
I have scoured the internet for the registry change and also tried the netsh methods, but it still comes back as a vulernabilities, is there a way I can disable TCP timestamps?
many thanks for your time.
Thank you for reading my question! I am trying to pass a PCI Compliance VA scan, but the whenever we scan the IP that has our mail server on, it comes back with TCP Timestamps enabled.
I have scoured the internet for the registry change and also tried the netsh methods, but it still comes back as a vulernabilities, is there a way I can disable TCP timestamps?
many thanks for your time.
Microsoft Server OSTCP/IP
Last Comment
mavmanau
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
It's the function of the OS, not the application. Did you reboot the server after changing the setting?
ASKER
i did, i already had it in there with a value of 0, I changed it to 1 and rebooted, to no avail.
I think it is more a fact that it is a tcp timestamp reply rather than just a tcp timestamp so i might check our router see if we can block outbound tcp timestamp replys
I think it is more a fact that it is a tcp timestamp reply rather than just a tcp timestamp so i might check our router see if we can block outbound tcp timestamp replys
ASKER
Hi,
I couldn't find a way of doing it, so I am simply going to get a manual exception. Everything I have found online says that it is a feature of Win 2008 that can not be disabled.
I couldn't find a way of doing it, so I am simply going to get a manual exception. Everything I have found online says that it is a feature of Win 2008 that can not be disabled.
ASKER
many thanks
Is there a way you know of to disable it in the exchange server itself?