Rule ID
SV-45721r1_rule
Version
V1R12
CCIs
The processing of ICMP timestamp requests increases the attack surface of the system.
Verify the system does not respond to ICMP TIMESTAMP_REQUESTs.

Procedure:
# iptables -L INPUT | grep "timestamp"

This should return the following entries for "timestamp-reply" and "timestamp-request":
DROP icmp -- anywhere anywhere icmp timestamp-request
DROP icmp -- anywhere anywhere icmp timestamp-reply

If either does not exist or does not "DROP" the message, this is a finding.
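The check above can be scripted so that a rule with the wrong target, or a DROP rule shadowed by an earlier rule for the same ICMP type, is reported rather than missed by a plain grep. This is an added example, not part of the STIG text; the function and sample names are hypothetical, the listings are constructed, and it assumes the non-numeric `iptables -L` format shown above and looks only at rules that name the ICMP type.

```shell
#!/bin/sh
# Added example (not STIG content). Reads `iptables -L INPUT` output on stdin.
# Exit status: 0 = not a finding, 1 = finding.
check_icmp_timestamp() {
    awk '
        # Rule line: TARGET icmp -- SOURCE DEST icmp timestamp-request
        $2 == "icmp" {
            for (i = 3; i <= NF; i++)
                if (($i == "timestamp-request" || $i == "timestamp-reply") && !($i in first))
                    first[$i] = $1    # iptables acts on the first matching rule
        }
        END {
            n = split("timestamp-request timestamp-reply", want, " ")
            for (k = 1; k <= n; k++) {
                t = want[k]
                if (!(t in first)) {
                    print "FINDING: no rule for icmp " t; rc = 1
                } else if (first[t] != "DROP") {
                    print "FINDING: icmp " t " target is " first[t] ", not DROP"; rc = 1
                }
            }
            exit rc + 0
        }
    '
}

# Constructed sample listing: both rules present with target DROP.
sample_compliant() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            icmp timestamp-request
DROP       icmp --  anywhere             anywhere            icmp timestamp-reply
EOF
}

# Constructed sample listing: an earlier ACCEPT shadows the DROP, and no reply rule.
sample_shadowed() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp timestamp-request
DROP       icmp --  anywhere             anywhere            icmp timestamp-request
EOF
}

sample_compliant | check_icmp_timestamp && echo "compliant sample: not a finding"
sample_shadowed | check_icmp_timestamp || echo "shadowed sample: finding"
```

On a live system, run it as root with `iptables -L INPUT | check_icmp_timestamp`.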
Configure the system to not respond to ICMP TIMESTAMP_REQUESTs. This is done by dropping ICMP type 13 and 14 messages at the firewall.

Procedure:
1. Check the SuSEfirewall2 configuration to see if custom rules are being used:
# grep -v '^#' /etc/sysconfig/SuSEfirewall2 | grep FW_CUSTOMRULES
If the command returns FW_CUSTOMRULES="" then no custom rules are being used. In that case, edit the /etc/sysconfig/SuSEfirewall2 file and use the vendor-supplied file by setting
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

2. Edit the file defined by the FW_CUSTOMRULES variable and add these commands to append to the INPUT chain:
iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP
iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP

Restart the firewall:
# rcSuSEfirewall2 restart