Recently, a risk assessment scan of a server (CentOS 6.8 x64) detected the following low-risk vulnerability. Although the risk is low, it is uncomfortable to look at. Having worked in IT for a long time, I always pursue perfection.
Vulnerability description: The server replies to ICMP timestamp queries and returns its current system time. This may allow attackers to attack some time-based authentication protocols.
Recommended solution: The following measures can be taken to mitigate the threat: filter incoming ICMP timestamp (type 13) messages and outgoing ICMP timestamp reply messages.
Based on the above recommendation, enable the iptables firewall and add filtering rules:
# chkconfig iptables on
# service iptables start
# iptables -L
The three steps above are not needed if the firewall is already turned on.
# iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
# iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP
# iptables -L
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
A scan test is performed again, and the risk no longer exists.
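A rule-order check for the rules above, as an added example that is not part of the original post: `-A` appends to the end of a chain, so if INPUT already holds an earlier rule that accepts all ICMP, the timestamp-request DROP is never reached and only the OUTPUT rule suppresses the reply. The function names `first_verdict` and `sample_ruleset`, the constructed sample ruleset, and the simplification that rules with other match options are skipped are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `iptables-save -t filter`
# output on stdin and prints the verdict an ICMP packet of the given type gets
# in CHAIN: the target of the first rule certain to match it, else the policy.
# Assumption: rules with other match options (-s, -i, -m state, ...) are
# treated as "may not match" and skipped.
first_verdict() {  # usage: first_verdict CHAIN ICMP_TYPE_NUMBER < ruleset
  awk -v chain="$1" -v want="$2" '
    BEGIN { name["timestamp-request"] = 13; name["timestamp-reply"] = 14 }
    $1 == (":" chain) { policy = $2 }          # e.g. ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $2 == chain && !found {
      ok = 1; target = ""
      for (i = 3; i <= NF && ok; i++) {
        if ($i == "-p") { if ($(++i) != "icmp") ok = 0 }
        else if ($i == "-m" && $(i + 1) == "icmp") i++
        else if ($i == "--icmp-type") {
          t = $(++i); if (t in name) t = name[t]
          if (t != want) ok = 0
        }
        else if ($i == "-j") { target = $(++i); break }
        else ok = 0                            # some other match: skip rule
      }
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1 }
    }
    END { if (!found) print policy }
  '
}

# Constructed sample ruleset: an INPUT chain that already accepts all ICMP.
# $1 places the timestamp-request DROP: "append" (-A) or "insert" (-I INPUT 1).
sample_ruleset() {
  drop='-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP'
  echo ':INPUT ACCEPT [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  if [ "$1" = insert ]; then echo "$drop"; fi
  echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
  echo '-A INPUT -p icmp -j ACCEPT'
  echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
  if [ "$1" = append ]; then echo "$drop"; fi
  echo '-A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP'
}

for mode in append insert; do
  echo "$mode: INPUT/13 -> $(sample_ruleset "$mode" | first_verdict INPUT 13)," \
       "OUTPUT/14 -> $(sample_ruleset "$mode" | first_verdict OUTPUT 14)"
done
```

On a live host, run `iptables-save -t filter | first_verdict INPUT 13`; ACCEPT there together with DROP for `OUTPUT 14` means requests are still received but no timestamp reply leaves the host.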
PS: I have not written a blog post in a long time. Laziness is to blame, and I am reflecting on it.
This article is from the "sky High bird fly, sea wide with diving" blog, please be sure to keep this source http://xjlegend.blog.51cto.com/59163/1874017
Linux ICMP timestamp bug fix