Friday, May 24, 2024

Remediate ICMP Timestamp Request Remote Date Disclosure

If your security team is sending you vulnerabilities about ICMP Timestamp Request Remote Date Disclosure, they might look like "Filter out the ICMP timestamp requests (13) and the outgoing ICMP timestamp replies (14)." Then the solution is to either create a GPO to manage a couple of firewall rules or create them locally.  Below is a quick script to create them locally:

$fwICMP13 = @{
    DisplayName = "Disable inbound ICMP timestamp requests"
    Direction = "Inbound"
    Protocol = "ICMPv4"
    ICMPType = 13
    Action = "Block"
}
$fwICMP14 = @{
    DisplayName = "Disable outbound ICMP timestamp replies"
    Direction = "Inbound"
    Protocol = "ICMPv4"
    ICMPType = 14
    Action = "Block"
}
 
New-NetFirewallRule @fwICMP13
New-NetFirewallRule @fwICMP14


Enjoy! 

No comments:

Post a Comment