- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: SPLAT R75.40 - disable TCP / ICMP timestamp
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SPLAT R75.40 - disable TCP / ICMP timestamp
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI Stefano,
you can find all timestamp services via the integrated search function of your SmartDashboard:
You've probably allowed icmp pings by permitting the entire icmp protocol suite, including timestamps:
Just replace icmp-proto with echo-request like this:
I wonder why your internal audit didn't note that R75.40 is a version that went out of support in April 2016. You should consider upgrading to a more recent release, such as R77.30 or higher.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI Stefano,
you can find all timestamp services via the integrated search function of your SmartDashboard:
You've probably allowed icmp pings by permitting the entire icmp protocol suite, including timestamps:
Just replace icmp-proto with echo-request like this:
I wonder why your internal audit didn't note that R75.40 is a version that went out of support in April 2016. You should consider upgrading to a more recent release, such as R77.30 or higher.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Danny, thanks for the greetings.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot Danny, I'll try this solution.
Let me say that the most up-to-date clusters are R75.40 but there is a R65 HFA 70 cluster in production too..
Thanks again.
Stefano.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stefano,
I do a lot of security audits at our company. I think the timstamp problem is the smallest.
The following vulnerabilities should occur with R65HFA 70 and possibly R75.40:
- SHA1 vulnerabilities
- RC4 vulnerabilities
- poodle vulnerabilitys
and and and
I agree with Danny here. I should urgently upgrade the systems to R77.30 or higher.
Regards
Heiko
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. Any idea how to disable the same but on MDS smart center or log server, for local vulnerability scanner, where there is no firewall in between?
Edit: Have also some Eventia Reporter servers with same "issue", for which I can not even open smart console directly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That requires disabling them at the OS level.
For TCP timestamps: sysctl -w net.ipv4.tcp_timestamps=0
For ICMP, I'm not sure it's relevant or not and would recommend engaging TAC: https://help.checkpoint.com