UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not process Internet Control Message Protocol (ICMP) timestamp requests.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22409 GEN003602 SV-35022r1_rule ECSC-1 Low
Description
The processing of ICMP timestamp requests increases the attack surface of the system.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2017-12-08

Details

Check Text ( C-36502r1_chk )
Verify the system does not respond to ICMP Timestamp requests.
# ndd -get /dev/ip ip_respond_to_timestamp

If the result is not 0, this is a finding.
Fix Text (F-31859r1_fix)
Disable ICMP Timestamp responses on the system.
# ndd -set /dev/ip ip_respond_to_timestamp 0

Edit /etc/rc.config.d/nddconf and add/set:
TRANSPORT_NAME[x]=ip
NDD_NAME[x]=ip_respond_to_timestamp
NDD_VALUE[x]=0