A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.<\/p>\n
\nDescription:<\/b><\/p>\n
The target computer responded to an ICMP timestamp request. By accurately determining the target’s clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.<\/p>\n
Platforms Affected:<\/b><\/p>\n
\n
- Apple, Mac OS <\/li>\n
- Cisco, IOS <\/li>\n
- Data General, DG\/UX <\/li>\n
- HP, HP-UX <\/li>\n
- HP, Tru64 UNIX <\/li>\n
- IBM, AIX <\/li>\n
- IBM, OS\/2 <\/li>\n
- Linux, Linux <\/li>\n
- Microsoft, Windows 98 Second Edition <\/li>\n
- Microsoft, Windows 2000 <\/li>\n
- Microsoft, Windows 2003 <\/li>\n
- Microsoft, Windows 95 <\/li>\n
- Microsoft, Windows 98 <\/li>\n
- Microsoft, Windows Me <\/li>\n
- Microsoft, Windows NT <\/li>\n
- Microsoft, Windows XP <\/li>\n
- Novell, Novell NetWare <\/li>\n
- SCO, SCO Unix <\/li>\n
- SGI, IRIX <\/li>\n
- Sun, Solaris <\/li>\n
- Wind River, BSD <\/li>\n<\/ul>\n
Remedy:<\/b><\/p>\n
Configure your firewall or filtering router to block outgoing ICMP packets. Block ICMP packets of type 13 or 14 and\/or code 0.<\/p>\n<\/blockquote>\n