Disable ICMP timestamp response

Description:

The remote host responded to an ICMP timestamp request. The ICMP timestamp response contains the remote host's date and time. This information could theoretically be used against some systems to exploit weak time-based random number generators in other services.

In addition, the versions of some operating systems can be accurately fingerprinted by analyzing their responses to invalid ICMP timestamp requests.

Solution:

  • Sun Solaris

    Disable ICMP timestamp responses on Solaris

     

    Execute the following commands:

       /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0
       /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

    Disable ICMP timestamp responses

     

    Disable ICMP timestamp replies for the device. If the device does not support this level of configuration, the easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).