ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests

A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.

A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.

Description:

The target computer responded to an ICMP timestamp request. By accurately determining the target’s clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.

Platforms Affected:

  • Apple, Mac OS
  • Cisco, IOS
  • Data General, DG/UX
  • HP, HP-UX
  • HP, Tru64 UNIX
  • IBM, AIX
  • IBM, OS/2
  • Linux, Linux
  • Microsoft, Windows 98 Second Edition
  • Microsoft, Windows 2000
  • Microsoft, Windows 2003
  • Microsoft, Windows 95
  • Microsoft, Windows 98
  • Microsoft, Windows Me
  • Microsoft, Windows NT
  • Microsoft, Windows XP
  • Novell, Novell NetWare
  • SCO, SCO Unix
  • SGI, IRIX
  • Sun, Solaris
  • Wind River, BSD

Remedy:

Configure your firewall or filtering router to block outgoing ICMP packets. Block ICMP packets of type 13 or 14 and/or code 0.

ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.