Re: ICMP timestamp request is allowed from arbitrary hosts
- From: Rob Burnett <RobBurnett@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Oct 2006 23:12:52 +0000
There is no registry entry that specifically blocks individual ICMP types on
XP. In order to specifically block only timestamp requests, you will need to
enable the Windows Firewall on the XP machines and configure the rules to do
so.
Not sure if you understand what I am asking. In reality we are blocking ICMP
at numerous hardware firewalls which is fine. Point is Windows XP has the
built in software firewall and because we are a government entity we are
constantly under
security standards and scans that we we must meet and pass. One of the
vulnerabilities that is coming up on their scans is that ICMP timestamp
request is allowed from arbitrary hosts. Since we are blocking ICMP at the
hardware level we are operationally good because of this we disable winxp's
firewall. We are told that this is what is causing this hit to come up. And
even though it is not an external vulnerability they are looking at it as an
internal vulnerability. Now does that give a clearer picture? We are
basically figuring there has to be a way to change, or create a registry
entry that will help mitigate the situation.
"MowGreen [MVP]" wrote:
Ric,
See if this sheds any light on the issue:
Prevent hacker probing: Block bad ICMP messages
http://articles.techrepublic.com.com/5100-1035_11-5087087.html
My wireless home network blocks ICMP at the router's hardware firewall.
There is no domain nor is anything administered remotely on the network.
Your mileage *will* vary.
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
RicNagy wrote:
Our IA staff is running network scans and this (ICMP timestamp request is
allowed from arbitrary hosts) is one of the things we are taking a hit on.
Now we know we're blocking ICMP at the numerous firewalls. The problem I
believe is just internally due to a setting in the XP registry. We disable
the Windows XP firewall as we dont have a need for it. However I'm guessing
there is either a key that needs to be modified or created to rectify this so
it stops showing up on scans. Most of the articles I read on this talk about
blocking at your external firewalls which is what we are doing. This
particular hit we are taking seems to be related possibly to Windows and/or
the Windows XP firewall being disabled. We definitely do not want to enable
the Windows XP firewall. I'm figuring there has to be a key within the
registry to rectify this problem within the XP Operating System.
.
- References:
- Re: ICMP timestamp request is allowed from arbitrary hosts
- From: MowGreen [MVP]
- Re: ICMP timestamp request is allowed from arbitrary hosts
- Prev by Date: Re: Fresh install - now a bit of trouble with datafiles...
- Next by Date: Event 1401 - UPHClean.exe
- Previous by thread: Re: ICMP timestamp request is allowed from arbitrary hosts
- Next by thread: Re: McAfee VirusScan disables and enables randomly
- Index(es):
Relevant Pages
|
