FOR security reasons, ICMP timestamp-request and timestamp-response must be turned off. Those ICMP packets allow any attacker to calculate your server’s local time (and therefore exploit weak random number generators). Additionally they also allow OS fingerprinting.
So in case your internal security scanner tells you to turn off ICMP, just execute the following commands:
iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP iptables -A INPUT -p icmp --icmp-type timestamp-reply -j DROP