Just another WordPress site

ICMP intrusion prevention

FOR security reasons, ICMP timestamp-request and timestamp-response must be turned off. Those ICMP packets allow any attacker to calculate your server’s local time (and therefore exploit weak random number generators). Additionally they also allow OS fingerprinting.

So in case your internal security scanner tells you to turn off ICMP, just execute the following commands:

1
2
iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p icmp --icmp-type timestamp-reply -j DROP

Leave a comment for: "ICMP intrusion prevention"

You must be logged in to post a comment.