[ale] ICMP Timestamp

Bob Toxen transam at verysecurelinux.com
Thu Apr 20 13:41:05 EDT 2006


On Wed, Apr 19, 2006 at 03:06:14PM -0500, Denny Chambers wrote:
> Does anybody know if I would break anything by disabling the ICMP 
> Timestamp function in the ICMP kernel code. I want to leave the function 
> in place, but comment out the code, to basically make is a no op 
> funtion. Incoming ICMP Timestamp request would call the function, but 
> the function would do nothing, and not return a responce. I have a 
> kernel running, with the code turned off, and everything appears to work 
> ok. Just wondering if there is some functionality that I could be 
> breaking that I am not aware of.
You ask the wrong question.  The answer to it is no, it won't break anything.

The right question is "does a system need to respond to ICMP Timestamp
requests and what is the easiest way to block them?"

The answer is that they are unneeded.  The best way to block them is with
IP Tables or IP Chains.  See my book for details.

> Denny

Best regards,

Bob Toxen, CTO
Horizon Network Security
"Your expert in Firewalls, Virus and Spam Filters, VPNs, Linux System
Administration, local and remote backup software, Network Monitoring,
and Network Security consulting"

http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, Czech, and Polish.

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke



More information about the Ale mailing list