如何關閉 ICMP timestamp request

2024-07-11

ICMP timestamp request

CVE: CVE-1999-0524

風險: 低

檢測方式

nping --icmp --icmp-type 13 [主機 IP]
  • nping是 nmap 內的工具之一,需安裝 nmap 後即可使用
# nping --icmp --icmp-type 13 192.168.0.214

SENT (0.0183s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=1 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (0.0189s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=1 orig=0 recv=23653970 trans=23653970] IP [ttl=64 id=32096 iplen=40 ]
SENT (1.0191s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=2 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (1.0194s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=2 orig=0 recv=23654970 trans=23654970] IP [ttl=64 id=33035 iplen=40 ]
SENT (2.0206s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=3 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (2.0210s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=3 orig=0 recv=23655972 trans=23655972] IP [ttl=64 id=33691 iplen=40 ]
SENT (3.0221s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=4 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (3.0224s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=4 orig=0 recv=23656973 trans=23656973] IP [ttl=64 id=34381 iplen=40 ]
SENT (4.0235s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=5 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (4.0240s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=5 orig=0 recv=23657975 trans=23657975] IP [ttl=64 id=34866 iplen=40 ]

Max rtt: 0.527ms | Min rtt: 0.198ms | Avg rtt: 0.341ms
Raw packets sent: 5 (200B) | Rcvd: 5 (200B) | Lost: 0 (0.00%)
Nping done: 1 IP address pinged in 4.04 seconds

關閉 ICMP timestamp 方式

iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP
iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP

確認有阻擋成功

# nping --icmp --icmp-type 13 192.168.0.214

Starting Nping 0.7.92 ( https://nmap.org/nping ) at 2024-07-11 14:35 CST
SENT (0.0179s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=1 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (1.0182s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=2 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (2.0195s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=3 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (3.0207s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=4 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (4.0220s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=5 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 5 (200B) | Rcvd: 0 (0B) | Lost: 5 (100.00%)
Nping done: 1 IP address pinged in 5.03 seconds

相關參考:

分類:雲端      268
Tag security , linux , ICMP ,
留言

留言
top