Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: TCP_Timestamp

TCP_Timestamp 5 years 2 months ago #37482

  • Dove
  • Dove's Avatar
  • Offline
  • Distinguished Member
  • Posts: 198
  • Thank you received: 1
  • Karma: 2
Hi

We have hosted a website using ReHad 5.2 and Apache Foundation. This was working fine but all of sudden the performance dropped and it takes 90secs to load the page.

We did various investigations in Network devices like Cisco CSM, Juniper Firewall, Cisco FWSM etc.. and did packet capture and found the Apache server is not responding for SYN request from client. After we did google and found an option saying disable the TCP_Timestamp.

As soon as we did the tcp_timestamp off in Apache server, the website performance returned to normal...!!!

Is anyone faced this kind of issue? Any idea why all of sudden Server created this problem? Do we need to install any patch? Is it a bug in Linux?

Please advice...

Thanks in Advance for you help

Dove
Last Edit: 5 years 2 months ago by Dove.
The administrator has disabled public write access.

Re: TCP_Timestamp 5 years 2 months ago #37483

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
TCP Timestamps normally add around 12 bytes to the TCP header if I remember correctly, thus increasing the overhead, but it also a good idea to disable them in the system (IPv4) as they are relative to real time and a hacker could potentially figure the time since the system's last rebooted.

I don't know though how it would impact the server's performance to the point you are describing, unless the system was under attack; Did you manage to see if there were hundreds of connections to the server - something that would indicate hackers were trying to use this exploit-security hole?
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: TCP_Timestamp 5 years 2 months ago #37487

  • Dove
  • Dove's Avatar
  • Offline
  • Distinguished Member
  • Posts: 198
  • Thank you received: 1
  • Karma: 2
Hi Chris

These are webservers, normally they would have about 1000-2000 connections. I don't see increase in number of connections....

Is there any other way to check whether these webservers were under attack?

Thanks
Mahendra

Dove
The administrator has disabled public write access.
Time to create page: 0.078 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup