The system must not respond to ICMP broadcast timestamp requests.
An XCCDF Rule
Description
By accurately determining the system's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.
- ID
- SV-216370r959010_rule
- Version
- SOL-11.1-050030
- Severity
- Low
- References
- Updated
Remediation Templates
A Manual Procedure
The Network Management profile is required.
Disable respond to timestamp broadcasts.
# pfexec ipadm set-prop -p _respond_to_timestamp_broadcast=0 ip