AIX must not process ICMP timestamp requests.
An XCCDF Rule
Description
<VulnDiscussion>The processing of Internet Control Message Protocol (ICMP) timestamp requests increases the attack surface of the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-215429r508663_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From the command prompt, run the following commands to create and activate "ipsec_v4" and "ipsec_v6" devices:
# mkdev -l ipsec -t 4
# mkdev -l ipsec -t 6
Run the following commands to create 2 IPsec rules to block the ICMP timestamp request and reply:
# genfilt -v 4 -a D -s 0 -m 0 -d 0 -M 0 -c icmp -O eq -P 13 -r B -w I -i all