From: Weilong Chen <chenweil...@huawei.com>
Date: Mon, 13 May 2019 21:28:57 +0800

> The remote host answers to an ICMP timestamp request.
> This allows an attacker to know the time and date on your host.
> 
> This path is an another way contrast to iptables rules:
> iptables -A input -p icmp --icmp-type timestamp-request -j DROP
> iptables -A output -p icmp --icmp-type timestamp-reply -j DROP
> 
> Default is enabled.
> 
> enable:
>       sysctl -w net.ipv4.icmp_timestamp_enable=1
> disable
>       sysctl -w net.ipv4.icmp_timestamp_enable=0
> testing:
>       hping3 --icmp --icmp-ts -V $IPADDR
> 
> Signed-off-by: Weilong Chen <chenweil...@huawei.com>

Premise is wrong, understanding of what ICMP timestamp value actually
is is inaccurate, and the solution is wrong.

No way I am applying this, sorry.

Reply via email to