From: Weilong Chen <chenweil...@huawei.com> Date: Mon, 13 May 2019 21:28:57 +0800
> The remote host answers to an ICMP timestamp request. > This allows an attacker to know the time and date on your host. > > This path is an another way contrast to iptables rules: > iptables -A input -p icmp --icmp-type timestamp-request -j DROP > iptables -A output -p icmp --icmp-type timestamp-reply -j DROP > > Default is enabled. > > enable: > sysctl -w net.ipv4.icmp_timestamp_enable=1 > disable > sysctl -w net.ipv4.icmp_timestamp_enable=0 > testing: > hping3 --icmp --icmp-ts -V $IPADDR > > Signed-off-by: Weilong Chen <chenweil...@huawei.com> Premise is wrong, understanding of what ICMP timestamp value actually is is inaccurate, and the solution is wrong. No way I am applying this, sorry.
