Check: GEN003602
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN003602
(in versions v1 r14 through v1 r10)
Title
The system must not process ICMP timestamp requests. (Cat III impact)
Discussion
The processing of Internet Control Message Protocol (ICMP) timestamp requests increases the attack surface of the system.
Check Content
Determine if the system is configured to respond to ICMP Timestamp requests. #lsfilt If there is no rule blocking ICMP packet type of 13 and ICMP packet type of 14, this is a finding.
Fix Text
Use SMIT or genfilt commands to configure the system firewall to block ICMP packet types 13, and 14.
Additional Identifiers
Rule ID: SV-38866r1_rule
Vulnerability ID: V-22409
Group Title: GEN003602
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |