ICMP vulnerability:

ICMP issue on ubuntu server

Issue:

The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

# Block ICMP timestamp requests
sudo iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP

# Block outgoing ICMP timestamp replies
sudo iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP

These commands add rules to the firewall (iptables) to drop incoming ICMP timestamp requests and outgoing ICMP timestamp replies. This prevents the disclosure of system time through ICMP packets.

Openssl and openssl latest version:

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
tar -xzvf openssh-9.7p1.tar.gz
sudo apt install build-essential libssl-dev zlib1g-dev
cd openssh-9.7p1
./configure
make
sudo make install

Verify now:

ssh -V

PreviousAnsible Playbook NextAWS Series

Last updated 6 months ago