GEN:SID | 1:453 |
Message | ICMP Timestamp Request |
Summary | This event is generated when an ICMP Timestamp request is made.
|
Impact | Information gathering. An ICMP Timestamp request can determine if a host is active.
|
Detailed Information | An ICMP Timestamp request is used by the ping command to elicit an ICMP Timestamp reply from a listening live host. This rule alerts on a generic ICMP request where no payload is included in the message or the payload does not match more specific rules.
If ICMP type 8 (echo) traffic is filtered at a firewall, and attacker may try to use type 13 (timestamp) as an alternative.
|
Affected Systems | All
|
Attack Scenarios | An attacker may attempt to determine live hosts in a network prior to launching an attack.
|
Ease of Attack | Simple
|
Corrective Action | Block inbound ICMP Timestamp requests.
|
Additional References | |