Re: How to filter ICMP timestamp requests?

To: "Ralf G. R. Bergs" <rabe@RWTH-Aachen.DE>, "Debian Firewalling Mailing List" <debian-firewall@lists.debian.org>
Subject: Re: How to filter ICMP timestamp requests?
From: johan.hagstrom@intron.se
Date: Tue, 7 Dec 1999 09:04:13 +0100
Message-id: <[🔎] 199912070755.HAA16458@ns2.intron.se>
In-reply-to: <[🔎] E11uxzN-0005GS-00@ADSL-Bergs.RZ.RWTH-Aachen.DE>

The icmp type is specified from the origins port number. So to
block icmp timestamp requests from your internal network you
should use:

ipchains -p icmp -s $INTIP/0 13 -i $INTIF -j DENY

And to block icmp timestamp reply you should use:

ipchains -p icmp -s 0.0.0.0/0 14 -i $EXTIF -j DENY

Hope that helped. With best regards Johan.

On 6 Dec 99, at 14:17, Ralf G. R. Bergs wrote:
>snippet<
> Hi there....
> why isn't it enough to add the following to the beginning of
> I50external.rul:
>     $IPCHAINS -A input -j DENY -i $i -p ICMP -d $IPOFIF/32 13
>.....
> CyberCop is STILL able to retrieve the timestamp via ICMP.
> Any ideas?!
> TIA, Ralf
>/snippet<
**********************************************************
Johan Hagström           Data Ingenjör / KTH
Direkt: 0498 - 202732    johan.hagstrom@intron.se
Växel:  0498 - 202700    Fax: 0498 - 214640
Intron Service AB        http://www.gotlandica.com

"Security is not a solution. It is a way of life."
**********************************************************

Reply to:

References:
- How to filter ICMP timestamp requests?
  - From: "Ralf G. R. Bergs" <rabe@RWTH-Aachen.DE>

Prev by Date: How to filter ICMP timestamp requests?
Next by Date: OK, now how about proxies...
Previous by thread: How to filter ICMP timestamp requests?
Next by thread: Re: How to filter ICMP timestamp requests?
Index(es):
- Date
- Thread