What benefit is conferred by TCP timestamp?


Question

I have a security scan finding directing me to disable TCP timestamps. I understand the reasons for the recommendation: the timestamp can be used to calculate server uptime, which can be helpful to an attacker (good explanation under heading "TCP Timestamps" at http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdf).

However, it's my understanding that TCP timestamps are intended to enhance TCP performance. Naturally, in the cost/benefit analysis, performance degradation is a big, possibly too big, cost. I'm having a hard time understanding how much, if any, performance cost there is likely to be. Any nodes in the hivemind care to assist?

Recommended answer

The answer is most succinctly expressed in RFC 1323 - Round-Trip Measurement... The introduction to the RFC also provides some relevant historical context...

   Introduction

   The introduction of fiber optics is resulting in ever-higher
   transmission speeds, and the fastest paths are moving out of the
   domain for which TCP was originally engineered.  This memo defines a
   set of modest extensions to TCP to extend the domain of its
   application to match this increasing network capability.  It is based
   upon and obsoletes RFC-1072 [Jacobson88b] and RFC-1185 [Jacobson90b].


  (3)  Round-Trip Measurement

       TCP implements reliable data delivery by retransmitting
       segments that are not acknowledged within some retransmission
       timeout (RTO) interval.  Accurate dynamic determination of an
       appropriate RTO is essential to TCP performance.  RTO is
       determined by estimating the mean and variance of the
       measured round-trip time (RTT), i.e., the time interval
       between sending a segment and receiving an acknowledgment for
       it [Jacobson88a].

       Section 4 introduces a new TCP option, "Timestamps", and then
       defines a mechanism using this option that allows nearly
       every segment, including retransmissions, to be timed at
       negligible computational cost.  We use the mnemonic RTTM
       (Round Trip Time Measurement) for this mechanism, to
       distinguish it from other uses of the Timestamps option.

The specific performance penalty you incur by disabling timestamps would depend on your specific server operating system and how you do it (for examples, see this PSC doc on performance tuning). Some OS require that you either enable or disable all RFC1323 options at once... others allow you to selectively enable RFC 1323 options.

If your data transfer is somehow throttled by your virtual server (maybe you only bought the cheap vhost plan), then perhaps you couldn't possibly use higher performance anyway... perhaps it's worth turning them off to try. If you do, be sure to benchmark your before and after performance from several different locations, if possible.
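
The round-trip measurement benefit quoted from the RFC above, as an added example that is not part of the original answer: with timestamps every ACK yields an RTT sample, including ACKs for retransmitted segments, while without them those samples must be discarded (Karn's rule) and the RTO estimate goes stale. The trace is constructed, TSval is assumed to be a millisecond clock, and the estimator is the standard SRTT/RTTVAR form from RFC 6298 with the minimum-RTO clamp and timer backoff left out.

```python
# Constructed trace, times in ms. Each segment lists the send time of every
# transmission (the TSval it carried), when its ACK arrived, and the TSecr
# that ACK echoed. Segments 3 and 4 were each retransmitted once, and the
# path RTT rose from 100 ms to 300 ms at that point.
TRACE = [
    {"sent": [0],         "ack_at": 100,  "tsecr": 0},
    {"sent": [100],       "ack_at": 200,  "tsecr": 100},
    {"sent": [200, 500],  "ack_at": 800,  "tsecr": 500},
    {"sent": [800, 1400], "ack_at": 1700, "tsecr": 1400},
]

def rtt_samples(trace, timestamps_enabled):
    """Return the RTT samples the sender can trust."""
    samples = []
    for seg in trace:
        if timestamps_enabled:
            # RTTM: the echoed TSecr says which transmission was ACKed.
            samples.append(seg["ack_at"] - seg["tsecr"])
        elif len(seg["sent"]) == 1:
            samples.append(seg["ack_at"] - seg["sent"][0])
        # else: Karn's rule. The ACK is ambiguous, so no sample is taken.
    return samples

def rto_after(samples, alpha=0.125, beta=0.25, k=4):
    """RTO in ms after feeding the samples to the SRTT/RTTVAR estimator."""
    srtt = rttvar = None
    for r in samples:
        if srtt is None:
            srtt, rttvar = float(r), r / 2
        else:
            rttvar = (1 - beta) * rttvar + beta * abs(srtt - r)
            srtt = (1 - alpha) * srtt + alpha * r
    return None if srtt is None else srtt + k * rttvar

if __name__ == "__main__":
    for enabled in (True, False):
        s = rtt_samples(TRACE, enabled)
        print(f"timestamps={enabled}: samples={s} RTO={rto_after(s)} ms")
```

On this trace the sender without timestamps keeps an RTO of 250 ms, below the path's new 300 ms RTT, while the sender with timestamps has already adapted to 556.25 ms.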
