Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Stefano_Chiesa
Explorer

SPLAT R75.40 - disable TCP / ICMP timestamp

We were under audit and one of the finding is a TCP and ICMP timestamp response vulnerability/risk. The auditors recommend to turn TCP and ICMP timestamp off.

Does someone know how to do it and if there will be some "side effects"?

Thanks in advance.

Stefano.

0 Kudos
4 Replies
Danny
Champion Champion
Champion

HI Stefano,

you can find all timestamp services via the integrated search function of your SmartDashboard:

You've probably allowed icmp pings by permitting the entire icmp protocol suite, including timestamps:

Just replace icmp-proto with echo-request like this:

I wonder why your internal audit didn't note that R75.40 is a version that went out of support in April 2016. You should consider upgrading to a more recent release, such as R77.30 or higher.

Stefano_Chiesa
Explorer

Hi Danny, thanks for the greetings.

0 Kudos
Stefano_Chiesa
Explorer

Thanks a lot Danny, I'll try this solution.

Let me say that the most up-to-date clusters are R75.40 but there is a R65 HFA 70 cluster in production too.. Smiley Sad

Thanks again.

Stefano.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi Stefano,

I do a lot of security audits at our company. I think the timstamp problem is the smallest.

The following vulnerabilities should occur with R65HFA 70 and possibly R75.40:

- SHA1 vulnerabilities

- RC4 vulnerabilities

- poodle vulnerabilitys

and and and

I agree with Danny here. I should urgently upgrade the systems to R77.30 or higher.

Regards

Heiko

➜ CCSM Elite, CCME, CCTE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events