Re: newbie question | prevent ICMP timestamp requests

From: David (thunderbolt01@netscape.net)
Date: 05/09/02

• Next message: ck: "Re: Question about chkrootkit"
• Previous message: Greg Owen: "Re: lighting---hacked!"
• In reply to: evan.cooch@NOSPAMcornell.edu: "newbie question | prevent ICMP timestamp requests"
• Next in thread: Juha Laiho: "Re: newbie question | prevent ICMP timestamp requests"
• Reply: Juha Laiho: "Re: newbie question | prevent ICMP timestamp requests"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: David <thunderbolt01@netscape.net>
Date: Thu, 09 May 2002 15:19:26 GMT

evan.cooch@NOSPAMcornell.edu wrote:
> One of our IT folks here who is responsible for handling security on
> part of the network I work on ran a scan on all our systems, including
> my RH 7.1 box. He came up with several small little things for me to
> 'attend to'. One of them, however, is something I'm not quite sure
> what to do with. He mentions that my box is responding to ICMP
> timestamp requests.
>
> My limited understanding of such things is that this is one of the
> ways a DoS attack can be started - making lots of such requests.
>
> So, in an attempt to keep our IT folks happy - what is the easiest way
> to prevent ICMP timestamp requests? Please don't say 'configure
> ipchains' or 'install a firewall', unless these are the only options.
> I tried ipchains...once...and gave up trying to figure it out.
>
> Thanks!
>

If the system uses "sysctl" you can do it by adding this to
/etc/sysctl.conf and then restart the network.

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

If it doesn't use "sysctl" you can do it by adding this to the end of
/etc/rc.d/rc.local so it is run at system boot. Then also run it at the
command line if you want to activate it without a reboot.

echo 0 > /proc/sys/net/ipv4/tcp_timestamps

-- 
   Confucius:  He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org

---

• Next message: ck: "Re: Question about chkrootkit"
• Previous message: Greg Owen: "Re: lighting---hacked!"
• In reply to: evan.cooch@NOSPAMcornell.edu: "newbie question | prevent ICMP timestamp requests"
• Next in thread: Juha Laiho: "Re: newbie question | prevent ICMP timestamp requests"
• Reply: Juha Laiho: "Re: newbie question | prevent ICMP timestamp requests"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: newbie question | prevent ICMP timestamp requests ... He mentions that my box is responding to ICMP ... >/etc/sysctl.conf and then restart the network. ... a way short of ipchains/iptables to shut off ICMP timestamp requests. ... (comp.os.linux.security) newbie question | prevent ICMP timestamp requests ... He mentions that my box is responding to ICMP ... in an attempt to keep our IT folks happy - what is the easiest way ... to prevent ICMP timestamp requests? ... (comp.os.linux.security) Re: Database terminology ... Thanks for responding, ... I don't feel that folks who's support efforts have been recognized by ... opinion which does not reflect SQL DBMS 'best practice'. ... fundamental area of Jet 4.0 functionality from an inexplicably biased ... (microsoft.public.access.tablesdbdesign) Re: DNS NAT Problem ... When responding to posts, please "Reply to Group" via your newsreader so ... Because of physical location and network structure it is ... folder) is not a valid host name", click OK to create the record anyway). ... (microsoft.public.windows.server.dns) Re: XP Spooler, slow file open, slow properties ... Thanks for responding. ... While there are Nvidia cards on every other computer in the network, ... >> driver on the XP Pro machine, I noticed that it took up to 30 seconds to ... >> new printer driver also took much longer than usual. ... (microsoft.public.windowsxp.print_fax)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)