A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.
Description:
The target computer responded to an ICMP timestamp request. By accurately determining the target’s clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.
Platforms Affected:
- Apple, Mac OS
- Cisco, IOS
- Data General, DG/UX
- HP, HP-UX
- HP, Tru64 UNIX
- IBM, AIX
- IBM, OS/2
- Linux, Linux
- Microsoft, Windows 98 Second Edition
- Microsoft, Windows 2000
- Microsoft, Windows 2003
- Microsoft, Windows 95
- Microsoft, Windows 98
- Microsoft, Windows Me
- Microsoft, Windows NT
- Microsoft, Windows XP
- Novell, Novell NetWare
- SCO, SCO Unix
- SGI, IRIX
- Sun, Solaris
- Wind River, BSD
Remedy:
Configure your firewall or filtering router to block outgoing ICMP packets. Block ICMP packets of type 13 or 14 and/or code 0.
ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests