Linux ICMP timestamp bug fix

Recently, in the server (System CentOS 6.8 x64) Risk assessment detection, the following low-risk vulnerability, although the risk is low, but look is uncomfortable. Long-term engaged in it work, the total pursuit of perfection 650) this.width=650; "alt=" I_f03.gif "src=" Http://img.baidu.com/hi/face/i_f03.gif "/>.

650) this.width=650; "title=" bug.jpg "alt=" wkiom1gtg-uqurq0aaau89ggqz0303.jpg "src=" http://s1.51cto.com/wyfs02/M02 /8a/57/wkiom1gtg-uqurq0aaau89ggqz0303.jpg "/>

Vulnerability Description: Server will reply Icmp_timestamp queries and returns the current time of their system. This may allow attackers to attack some time-based authentication protocols.

Solution Recommendation: The following measures can be taken to mitigate the threat: filtering foreign ICMP timestamp(type a) message and outgoing ICMP timestamp reply message.

Based on the above recommendations, enable the Iptables firewall and add filtering rules:

# chkconfig Iptables on

# service Iptables Start

# iptables–l

Above three steps, if the firewall is turned on, do not need.

# iptables-a input-p ICMP--icmp-type timestamp-request-j DROP

# iptables-a output-p ICMP--icmp-type timestamp-reply-j DROP

# iptables-l

650) this.width=650; "title=" bug.jpg "alt=" wkiol1gthfubvrazaabhvfmy830360.jpg "src=" http://s4.51cto.com/wyfs02/M02 /8a/53/wkiol1gthfubvrazaabhvfmy830360.jpg "/>

# Service Iptables Save

iptables : Save firewall Rules to/etc/sysconfig/iptables: [OK]

A scan test is performed again, and the risk no longer exists.

PS: After a long time, did not come to write blog, lazy caused, self-review a bit.

This article is from the "sky High bird fly, sea wide with diving" blog, please be sure to keep this source http://xjlegend.blog.51cto.com/59163/1874017

Linux ICMP timestamp bug fix