如何關閉 ICMP timestamp request

2024-07-11

ICMP timestamp request

CVE: CVE-1999-0524

風險: 低

檢測方式

nping --icmp --icmp-type 13 [主機 IP]

nping是 nmap 內的工具之一，需安裝 nmap 後即可使用

# nping --icmp --icmp-type 13 192.168.0.214

SENT (0.0183s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=1 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (0.0189s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=1 orig=0 recv=23653970 trans=23653970] IP [ttl=64 id=32096 iplen=40 ]
SENT (1.0191s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=2 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (1.0194s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=2 orig=0 recv=23654970 trans=23654970] IP [ttl=64 id=33035 iplen=40 ]
SENT (2.0206s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=3 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (2.0210s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=3 orig=0 recv=23655972 trans=23655972] IP [ttl=64 id=33691 iplen=40 ]
SENT (3.0221s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=4 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (3.0224s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=4 orig=0 recv=23656973 trans=23656973] IP [ttl=64 id=34381 iplen=40 ]
SENT (4.0235s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=25303 seq=5 orig=0 recv=0 trans=0] IP [ttl=64 id=57314 iplen=40 ]
RCVD (4.0240s) ICMP [192.168.0.214 > 192.168.0.213 Timestamp reply (type=14/code=0) id=25303 seq=5 orig=0 recv=23657975 trans=23657975] IP [ttl=64 id=34866 iplen=40 ]

Max rtt: 0.527ms | Min rtt: 0.198ms | Avg rtt: 0.341ms
Raw packets sent: 5 (200B) | Rcvd: 5 (200B) | Lost: 0 (0.00%)
Nping done: 1 IP address pinged in 4.04 seconds

關閉 ICMP timestamp 方式

iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP
iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP

確認有阻擋成功

# nping --icmp --icmp-type 13 192.168.0.214

Starting Nping 0.7.92 ( https://nmap.org/nping ) at 2024-07-11 14:35 CST
SENT (0.0179s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=1 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (1.0182s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=2 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (2.0195s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=3 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (3.0207s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=4 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]
SENT (4.0220s) ICMP [192.168.0.213 > 192.168.0.214 Timestamp request (type=13/code=0) id=22369 seq=5 orig=0 recv=0 trans=0] IP [ttl=64 id=6878 iplen=40 ]

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 5 (200B) | Rcvd: 0 (0B) | Lost: 5 (100.00%)
Nping done: 1 IP address pinged in 5.03 seconds

相關參考：

分類：雲端 268
Tag security , linux , ICMP ,

留言

AWS WAF 設定, 無法上傳檔案的問題 (403 Forbidden error)

當使用 AWS WAF 內定的防火牆規則，於網站中上傳檔案時會出現 "403 Forbid

Inbound、Outbound (Ingress、Egress) 名詞筆記

筆記網路名詞，方便記憶 AWSSecurity Group 的名詞 Inbound傳入/入

MySQL 記錄慢查詢的方式 Slow Query Log

在 /etc/my.cnf 中加上三行設定這樣 MySQLd 啟動後，即自動記錄執行超過 0.2秒

504 Gateway Timeout 問題、解決

504 Gateway Timeout 原因之一： AP端(如 php)執行時間太久(如超過 30