- Severity: Low
- Affected System: Domain Controller (DC1)
- Description: The vulnerability allows an attacker to retrieve the timestamp set on the targeted machine, which can assist in time-based attacks such as defeating time-based authentication protocols or performing DoS attacks.
-
Disable ICMP Timestamp Responses:
-
On Windows:
- Open Command Prompt as Administrator and run:
netsh advfirewall firewall add rule name="Disable ICMP Timestamp" protocol=icmpv4:13,any dir=in action=block - This will block inbound ICMP Timestamp requests.
- Open Command Prompt as Administrator and run:
-
On Linux:
- Open the terminal and add the following line to
/etc/sysctl.conf:net.ipv4.icmp_echo_ignore_all = 1
- Then apply the changes:
sudo sysctl -p
- Open the terminal and add the following line to
-
-
Network Access Controls:
- Implement firewall rules to block ICMP timestamp requests at the network perimeter.
- Restrict ICMP traffic to trusted hosts and networks only.
-
System Configuration:
- Configure all servers and network devices to use a synchronized time source (such as NTP) to prevent the risk of attacks based on time discrepancies.
- Implement logging for all ICMP requests to monitor for potential scanning attempts.
- Regularly review the system for unusual ICMP traffic patterns.
Screenshot:
