In a nutshell, TCP timestamps are carried as a TCP option in which the sending host specifies its own timestamp and echoes the timestamp most recently received from the other side of the connection. The "time" here is not the usual wall-clock notion: on most operating systems except OpenBSD, the value is a representation of the host's uptime since the last reboot.
Thursday, July 22, 2010
IDS Evasion on Linux Off-by-one TCP Timestamps
A very good article explaining potential IDS/IPS evasion on Linux 2.4/2.6 kernels using off-by-one TCP timestamps.
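To make the timestamp option described above concrete, here is an added example (not code from the linked article) that walks a raw TCP options field the way a sensor would and pulls out the sender's timestamp (TSval) and the echoed one (TSecr). The function names, the sample bytes, and the tick rate passed to the uptime helper are assumptions made for illustration.

```python
import struct

# Option kinds from the TCP specification (RFC 793 / RFC 7323).
TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8

def parse_tcp_timestamp(options: bytes):
    """Return (TSval, TSecr) from a raw TCP options field,
    or None if the option is absent or the field is malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:          # end of option list
            break
        if kind == TCPOPT_NOP:          # one-byte padding, no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            return None                 # truncated: kind without a length
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                 # length too small or runs past the field
        if kind == TCPOPT_TIMESTAMP:
            if length != 10:            # kind + len + two 32-bit values
                return None
            return struct.unpack("!II", options[i + 2:i + 10])
        i += length                     # skip any other option
    return None

def tsval_to_uptime_seconds(tsval: int, hz: int) -> float:
    """Convert TSval to seconds, ASSUMING the counter started at zero at boot
    and ticks `hz` times per second (the tick rate is not carried in the packet)."""
    return tsval / hz

# Constructed samples (not captured traffic):
# NOP, NOP, Timestamp(TSval=123456, TSecr=1337), as seen on an established connection
SAMPLE_ACK = bytes.fromhex("0101080a0001e24000000539")
# MSS, SACK-permitted, Timestamp(TSval=123456, TSecr=0), NOP, window scale: a typical SYN
SAMPLE_SYN = bytes.fromhex("020405b40402080a0001e2400000000001030307")

if __name__ == "__main__":
    for name, raw in (("ack", SAMPLE_ACK), ("syn", SAMPLE_SYN)):
        tsval, tsecr = parse_tcp_timestamp(raw)
        print(name, tsval, tsecr, tsval_to_uptime_seconds(tsval, hz=1000))
```
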