The system must not respond to ICMP timestamp requests.
An XCCDF Rule
Description
By accurately determining the system's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.
- ID
- SV-216132r959010_rule
- Version
- SOL-11.1-050020
- Severity
- Low
- References
- Updated
Remediation Templates
A Manual Procedure
The Network Management profile is required.
Disable source respond to timestamp.
# pfexec ipadm set-prop -p _respond_to_timestamp=0 ip