Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3155
Views
0
Helpful
1
Replies

How to Fix ICMP timestamp response Vulnerability in cisco IOS

rtm1am@outlook.com
Level 1
Level 1

‎05-06-2024 07:09 AM

Team,

Currently we do not have an ACl on our outside interface. If apply the following ACL will it only block the deny ICMP statements?

Extended IP access list DENY_ICMP
10 deny icmp any any timestamp-request
20 deny icmp any any timestamp-reply
30 permit icmp any any
40 permit ip any any

 

Labels:
0 Helpful
1 Reply 1

Mark Elsen
Hall of Fame
Hall of Fame

‎05-06-2024 08:11 AM

 

  - Looks like correct ; you may  verify this for instance with hping3 as in :
                   #  hping3 target-ip-address   --icmp --icmp-ts -V

   In general for security and or vulnerability issues , use latest advisory software version on the device and check the vulnerability again , 

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful
Customers Also Viewed These Support Documents