Re: newbie question | prevent ICMP timestamp requests

From: Juha Laiho (Juha.Laiho@iki.fi)
Date: 05/09/02 

From: Juha Laiho <Juha.Laiho@iki.fi>
Date: Thu, 09 May 2002 16:02:01 GMT

David <thunderbolt01@netscape.net> said:
>evan.cooch@NOSPAMcornell.edu wrote:
>> One of our IT folks here who is responsible for handling security on
>> part of the network I work on ran a scan on all our systems, including
>> my RH 7.1 box. He came up with several small little things for me to
>> 'attend to'. One of them, however, is something I'm not quite sure
>> what to do with. He mentions that my box is responding to ICMP
>> timestamp requests.
>
>If the system uses "sysctl" you can do it by adding this to
>/etc/sysctl.conf and then restart the network.
>
># Turn off the tcp_timestamps
>net.ipv4.tcp_timestamps = 0

... except that TCP and ICMP timestamps are not the same. I don't know
a way short of ipchains/iptables to shut off ICMP timestamp requests.

Here's a command to shut off incoming ICMP timestamp requests for
ipchains:

ipchains -A input -p icmp --icmp-type timestamp-request -j DROP

This, of course, is valid only until next reboot. Add the command
to one of your startup scripts to have a permanen effect (actually,
RH7.1 might even have a predetermined mechanism for making permanent
ipchains/iptables configuration). 

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

Relevant Pages
Quantcast