ICMP Timestamp Request Remote Date Disclosure Mitigation

Vulnerability ID: 10114

  • Severity: Low
  • Affected System: Domain Controller (DC1)
  • Description: The vulnerability allows an attacker to retrieve the timestamp set on the targeted machine, which can assist in time-based attacks such as defeating time-based authentication protocols or performing DoS attacks.

Mitigation Steps

  1. Disable ICMP Timestamp Responses:

    • On Windows:

      • Open Command Prompt as Administrator and run:
        netsh advfirewall firewall add rule name="Disable ICMP Timestamp" protocol=icmpv4:13,any dir=in action=block
      • This will block inbound ICMP Timestamp requests.
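    • On Linux:

      • Open the terminal and drop inbound ICMP timestamp requests (type 13) and outbound timestamp replies (type 14) with iptables. The net.ipv4.icmp_echo_ignore_all sysctl does not help here, because it only makes the kernel ignore echo requests (ping):
        sudo iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
        sudo iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP
      • The rules take effect immediately; save them with your distribution's firewall persistence mechanism so they survive a reboot.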
  2. Network Access Controls:

    • Implement firewall rules to block ICMP timestamp requests at the network perimeter.
    • Restrict ICMP traffic to trusted hosts and networks only.
  3. System Configuration:

    • Configure all servers and network devices to use a synchronized time source (such as NTP) to prevent the risk of attacks based on time discrepancies.

Additional Recommendations

  • Implement logging for all ICMP requests to monitor for potential scanning attempts.
  • Regularly review the system for unusual ICMP traffic patterns.
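
To support the logging and review recommendations above, the following added example (not part of the original file) parses captured ICMP messages, counts timestamp requests (type 13) per source, and reports any timestamp reply (type 14), since a reply means a host still discloses its clock. The packet bytes, addresses and function names are constructed for illustration; the field layout follows RFC 792.

```python
import struct
from collections import Counter

TS_REQUEST, TS_REPLY = 13, 14  # ICMP message types from RFC 792

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message checks to 0."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clock(ms: int) -> str:
    """Render an ICMP timestamp (ms since midnight UT) as HH:MM:SS.mmm."""
    if ms & 0x80000000:  # high bit set: sender flags a non-standard value
        return "non-standard"
    s, ms = divmod(ms, 1000)
    return f"{s // 3600:02d}:{s % 3600 // 60:02d}:{s % 60:02d}.{ms:03d}"

def parse(icmp: bytes):
    """Return (type, originate, receive, transmit) for a valid type 13/14 message."""
    if len(icmp) < 20 or checksum(icmp) != 0:
        return None
    typ, code, _, _, _, orig, recv, xmit = struct.unpack("!BBHHHIII", icmp[:20])
    return (typ, orig, recv, xmit) if typ in (TS_REQUEST, TS_REPLY) and code == 0 else None

def review(packets):
    """packets: iterable of (source_ip, icmp_bytes) -> (requests per source, replies)."""
    requests, replies = Counter(), []
    for src, icmp in packets:
        msg = parse(icmp)
        if msg and msg[0] == TS_REQUEST:
            requests[src] += 1
        elif msg:  # a reply: the responder disclosed its clock in the transmit field
            replies.append((src, clock(msg[3])))
    return requests, replies

def sample(typ, orig=0, recv=0, xmit=0, ident=1, seq=1) -> bytes:
    """Build a constructed ICMP message with a valid checksum (test data only)."""
    body = struct.pack("!BBHHHIII", typ, 0, 0, ident, seq, orig, recv, xmit)
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

# Constructed capture using documentation addresses (RFC 5737), not real traffic.
CAPTURE = [
    ("198.51.100.7", sample(TS_REQUEST, orig=1000)),
    ("198.51.100.7", sample(TS_REQUEST, orig=2000, seq=2)),
    ("192.0.2.10", sample(TS_REPLY, orig=1000, recv=45296789, xmit=45296789)),
    ("198.51.100.9", sample(8)),                          # echo request: ignored
    ("198.51.100.9", sample(TS_REQUEST)[:19] + b"\xff"),  # bad checksum: ignored
]
```

After the block rules are applied, `review()` over traffic captured at the host should return an empty reply list for that host.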
