On the topic of hardening your (host) and the danger of time leaks, Whonix advises disabling TCP timestamps via kernel sysctl. I just did; my question is whether this is useful and/or effective.
Under the original question Aiuti Marble makes the following comment:
In modern Linux (i.e. Ubuntu 16, 18) changing the value of net.ipv4.tcp_timestamps has no effect. The documentation at kernel org doc Documentation networking ip-sysctl.txt is incorrect for modern kernels.
Ajuti does not substantiate his claim by pointing to relevant sources, but … is he right?
- As I work with Ubuntu 18.04 as host, I found this in the Ubuntu manual on sysctl(d)
Many sysctl parameters only become available when certain kernel modules are loaded. Modules are usually loaded on demand, e.g. when certain hardware is plugged in or network brought up. This means that systemd-sysctl.service(8) which runs during early boot will not configure such parameters if they become available after it has run. To set such parameters, it is recommended to add an udev(7) rule to set those parameters when they become available. Alternatively, a slightly simpler and less efficient option is to add the module to modules-load.d(5), causing it to be loaded statically before sysctl settings are applied (see example below).
So we set the sysctl net.ipv4.tcp_timestamps parameter, but is it applied? Maybe Whonix knows for sure this is the case, otherwise this feature should be tested by looking at TCP packets going out.
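
Added example (not part of the original post): one way to do the packet-level test the post asks for is to walk the TCP options of an outgoing SYN and look for the Timestamps option (kind 8, length 10, RFC 7323). The two SYN headers below are constructed samples, and `tcp_timestamp` and `build_syn` are hypothetical helper names; on a real host the bytes would come from a capture of your own outgoing traffic.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8

def tcp_timestamp(segment: bytes):
    """Return (TSval, TSecr) if the segment carries the TCP Timestamps
    option, else None. `segment` must start at the TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    opts = segment[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:                    # end of option list
            break
        if kind == TCPOPT_NOP:                    # 1-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts):                    # kind without a length byte
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):  # malformed option, stop
            break
        if kind == TCPOPT_TIMESTAMP and length == 10:
            return struct.unpack("!II", opts[i + 2:i + 10])
        i += length
    return None

def build_syn(options: bytes) -> bytes:
    """Constructed sample: a 20-byte SYN header followed by `options`."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                         offset << 4, 0x02, 64240, 0, 0)
    return header + options

MSS = bytes([2, 4]) + struct.pack("!H", 1460)
SACK_OK = bytes([4, 2])
WSCALE = bytes([1, 3, 3, 7])                      # NOP + window scale 7
TS = bytes([8, 10]) + struct.pack("!II", 123456789, 0)

# Constructed SYNs: what a host sends with timestamps on, and with them off.
SYN_WITH_TS = build_syn(MSS + SACK_OK + TS + WSCALE)
SYN_WITHOUT_TS = build_syn(MSS + bytes([1, 1]) + SACK_OK + WSCALE)

if __name__ == "__main__":
    print("with TS:   ", tcp_timestamp(SYN_WITH_TS))
    print("without TS:", tcp_timestamp(SYN_WITHOUT_TS))
```

If the sysctl has taken effect, SYNs captured from the host should parse like `SYN_WITHOUT_TS` and return `None`.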