The system must not process Internet Control Message Protocol (ICMP) timestamp requests.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22409 | GEN003602 | SV-64445r2_rule | Low |
| Description |
|---|
| The processing of (ICMP) timestamp requests increases the attack surface of the system. |
| STIG | Date |
|---|---|
| Oracle Linux 5 Security Technical Implementation Guide | 2020-02-25 |
Details
| Check Text ( C-52881r2_chk ) |
|---|
| Verify the system does not respond to ICMP TIMESTAMP-REQUESTs Procedure: # grep "timestamp" /etc/sysconfig/iptables This should return entries for "timestamp-reply" and "timestamp-request". Both should end with "-j DROP'. If either does not exist or does not "DROP" the message, this is a finding. |
| Fix Text (F-55059r2_fix) |
|---|
| Configure the system to not respond to ICMP TIMESTAMP-REQUESTs. This is done by rejecting ICMP type 13 and 14 messages at the firewall. Procedure: Edit /etc/sysconfig/iptables to add: -A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-request -j DROP -A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-reply -j DROP Restart the firewall: # service iptables restart |