[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to filter ICMP timestamp requests?



The icmp type is specified from the origins port number. So to
block icmp timestamp requests from your internal network you
should use:

ipchains -p icmp -s $INTIP/0 13 -i $INTIF -j DENY

And to block icmp timestamp reply you should use:

ipchains -p icmp -s 0.0.0.0/0 14 -i $EXTIF -j DENY

Hope that helped. With best regards Johan.

On 6 Dec 99, at 14:17, Ralf G. R. Bergs wrote:
>snippet<
> Hi there....
> why isn't it enough to add the following to the beginning of
> I50external.rul:
>     $IPCHAINS -A input -j DENY -i $i -p ICMP -d $IPOFIF/32 13
>.....
> CyberCop is STILL able to retrieve the timestamp via ICMP.
> Any ideas?!
> TIA, Ralf
>/snippet<
**********************************************************
Johan Hagström           Data Ingenjör / KTH
Direkt: 0498 - 202732    johan.hagstrom@intron.se
Växel:  0498 - 202700    Fax: 0498 - 214640
Intron Service AB        http://www.gotlandica.com

"Security is not a solution. It is a way of life."
**********************************************************


Reply to: