What benefit is conferred by TCP timestamp?


Question

I have a security scan finding directing me to disable TCP timestamps. I understand the reasons for the recommendation: the timestamp can be used to calculate server uptime, which can be helpful to an attacker (good explanation under heading "TCP Timestamps" at http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdf).

However, it's my understanding that TCP timestamps are intended to enhance TCP performance. Naturally, in the cost/benefit analysis, performance degradation is a big, possibly too big, cost. I'm having a hard time understanding how much, if any, performance cost there is likely to be. Any nodes in the hivemind care to assist?

Recommended answer

The answer is most succinctly expressed in RFC 1323 - Round-Trip Measurement... The introduction to the RFC also provides some relevant historical context...

   Introduction

   The introduction of fiber optics is resulting in ever-higher
   transmission speeds, and the fastest paths are moving out of the
   domain for which TCP was originally engineered.  This memo defines a
   set of modest extensions to TCP to extend the domain of its
   application to match this increasing network capability.  It is based
   upon and obsoletes RFC-1072 [Jacobson88b] and RFC-1185 [Jacobson90b].


  (3)  Round-Trip Measurement

       TCP implements reliable data delivery by retransmitting
       segments that are not acknowledged within some retransmission
       timeout (RTO) interval.  Accurate dynamic determination of an
       appropriate RTO is essential to TCP performance.  RTO is
       determined by estimating the mean and variance of the
       measured round-trip time (RTT), i.e., the time interval
       between sending a segment and receiving an acknowledgment for
       it [Jacobson88a].

       Section 4 introduces a new TCP option, "Timestamps", and then
       defines a mechanism using this option that allows nearly
       every segment, including retransmissions, to be timed at
       negligible computational cost.  We use the mnemonic RTTM
       (Round Trip Time Measurement) for this mechanism, to
       distinguish it from other uses of the Timestamps option.

The specific performance penalty you incur by disabling timestamps would depend on your specific server operating system and how you do it (for examples, see this PSC doc on performance tuning). Some OS require that you either enable or disable all RFC1323 options at once... others allow you to selectively enable RFC 1323 options.

If your data transfer is somehow throttled by your virtual server (maybe you only bought the cheap vhost plan), then perhaps you couldn't possibly use higher performance anyway... perhaps it's worth turning them off to try. If you do, be sure to benchmark your before and after performance from several different locations, if possible.
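
Added example, not part of the original answer or of the RFC text: the RTTM idea quoted above, written out in Python. It parses the Timestamps option (kind 8, length 10) from raw TCP option bytes, takes an RTT sample from the echoed TSecr, and feeds it to an SRTT/RTTVAR estimator using the RFC 6298 constants. The function and class names, the 1 ms timestamp clock tick, and the sample bytes are assumptions made for illustration; RFC 1323's rule about which ACKs may update the estimate and RFC 6298's clock-granularity term are left out.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8
# Constructed sample: NOP, NOP, Timestamps(TSval=5000, TSecr=1000) as seen on an ACK.
SAMPLE_ACK_OPTIONS = bytes([1, 1, 8, 10]) + struct.pack("!II", 5000, 1000)

def parse_timestamp_option(options: bytes):
    """Return (TSval, TSecr) from raw TCP option bytes, or None if absent or malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:          # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(options):
            return None                 # truncated: no length byte
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                 # length runs past the option area
        if kind == TCPOPT_TIMESTAMP:
            if length != 10:
                return None
            return struct.unpack("!II", options[i + 2:i + 10])
        i += length                     # skip any other option
    return None

def rtt_from_ack(options: bytes, local_clock_ms: int):
    """RTT sample = our timestamp clock now minus the TSecr the peer echoed (mod 2**32)."""
    ts = parse_timestamp_option(options)
    if ts is None:
        return None                     # timestamps disabled: no sample from this ACK
    return (local_clock_ms - ts[1]) & 0xFFFFFFFF

class RtoEstimator:
    """SRTT/RTTVAR smoothing with the RFC 6298 constants (alpha=1/8, beta=1/4, K=4)."""
    def __init__(self, min_rto_ms=1000):
        self.srtt = self.rttvar = None
        self.min_rto_ms = min_rto_ms    # RFC 6298 rounds RTO up to 1 second

    def update(self, rtt_ms):
        if self.srtt is None:           # first measurement
            self.srtt, self.rttvar = rtt_ms, rtt_ms / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt_ms)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt_ms
        return max(self.min_rto_ms, self.srtt + 4 * self.rttvar)
```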
