Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
190
Views
0
Helpful
1
Replies

How to Fix ICMP timestamp response Vulnerability in cisco IOS

rtm1am@hotmail.com
Level 1
Level 1

‎05-06-2024 07:09 AM

Team,

Currently we do not have an ACl on our outside interface. If apply the following ACL will it only block the deny ICMP statements?

Extended IP access list DENY_ICMP
10 deny icmp any any timestamp-request
20 deny icmp any any timestamp-reply
30 permit icmp any any
40 permit ip any any

 

Labels:
0 Helpful
1 Reply 1

marce1000
VIP
VIP

‎05-06-2024 08:11 AM

 

  - Looks like correct ; you may  verify this for instance with hping3 as in :
                   #  hping3 target-ip-address   --icmp --icmp-ts -V

   In general for security and or vulnerability issues , use latest advisory software version on the device and check the vulnerability again , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card