Disable ICMP Timestamp Response
Posted: 17 Sep 2015, 12:59
Hi,
I am using CSF on my cpanel server, i want to disable ICMP Timestamp Response as Trustwave is failing PCI DSS scan due to this, how do I achieve this via CSF, I disabled incoming ICMP but that has not solved this issue. Below is the description given by Trustwave about this:
---
The ICMP protocol is used to support many administrative and maintenance messages on an IP network (the most commonly known utility that uses ICMP is "ping"). This system responded to an ICMP Timestamp request. An attacker could use the returned information (the time set on the target machine) in preparation for certain time-based attacks.
---
And remedition:
---
As a general rule, ICMP should be blocked at the perimeter of your network. This protocol has been used in numerous covert command and control channels employed by trojan horses and can also be used for general network reconnaissance; therefore, it should not be allowed into your network. The best place to filter this traffic is at a perimeter router via an access control list (ACL); however, you can also do this via firewall rulesets.
---
Please help.
Thanks.
I am using CSF on my cpanel server, i want to disable ICMP Timestamp Response as Trustwave is failing PCI DSS scan due to this, how do I achieve this via CSF, I disabled incoming ICMP but that has not solved this issue. Below is the description given by Trustwave about this:
---
The ICMP protocol is used to support many administrative and maintenance messages on an IP network (the most commonly known utility that uses ICMP is "ping"). This system responded to an ICMP Timestamp request. An attacker could use the returned information (the time set on the target machine) in preparation for certain time-based attacks.
---
And remedition:
---
As a general rule, ICMP should be blocked at the perimeter of your network. This protocol has been used in numerous covert command and control channels employed by trojan horses and can also be used for general network reconnaissance; therefore, it should not be allowed into your network. The best place to filter this traffic is at a perimeter router via an access control list (ACL); however, you can also do this via firewall rulesets.
---
Please help.
Thanks.