Remove ICMP Timestamp Request on Cisco 837 - Page 3

whiteford · ‎07-18-2007

We have a few Cisco 837's working as L2L's. I have scanned them for vulnerabilities, and received this message, and need jelp to remove it:

ICMP Timestamp Request:

THREAT:

ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. It's principal purpose is to provide a protocol layer able to inform gateways of the inter-connectivity and accessibility of other gateways or hosts. "ping" is a well-known program for determining if a host is up or down. It uses ICMP echo packets. ICMP timestamp packets are used to synchronize clocks between hosts.

IMPACT:

Unauthorized users can obtain information about your network by sending ICMP timestamp packets. For example, the internal systems clock should not be disclosed since some internal daemons use this value to calculate ID or sequence numbers (i.e., on SunOS servers).

SOLUTION:

You can filter ICMP messages of type "Timestamp" and "Timestamp Reply" at the firewall level. Some system administrators choose to filter most types of ICMP messages for various reasons. For example, they may want to protect their internal hosts from ICMP-based Denial Of Service attacks, such as the Ping of Death or Smurf attacks.

However, you should never filter ALL ICMP messages, as some of them ("Don't Fragment", "Destination Unreachable", "Source Quench", etc) are necessary for proper behavior of Operating System TCP/IP stacks.

It may be wiser to contact your network consultants for advice, since this issue impacts your overall network reliability and security.

Richard Burts · ‎07-30-2007

Andy

The commands you use to do the upgrade would be the same whether it was a local upgrade or a remote upgrade. You access the router (via telnet or via console if you are local) and "copy tftp: flash:" to copy the new image into flash. The copy process will prompt you for the address of the tftp server, the file name of the image file, and whether to erase the content of flash, and then will do the copy. The thing about doing it as a local upgrade is that if something goes wrong in the upgrade process that you still have local access to the router to recover from the problem. Also if you are doing it as a local upgrade it is advantageous to have the image file on the hard drive of your PC and to have a tftp server installed on your PC so that you can do the tftp copy as a local LAN copy rather than using the wide area network to do the copy.

HTH

Rick

HTH

Rick

whiteford · ‎07-30-2007

Hi Rick, once its been copied across do I need to execute to be installed?

Thanks

Richard Burts · ‎07-30-2007

Andy

Once the new image has been copied into flash (and assuming that it is the only image in flash) you do not have to do anything else. When the router restarts (from reload command, or from power cycle, or from some other cause) the router will load and execute the new image code.

HTH

Rick

HTH

Rick

whiteford · ‎07-30-2007

Great Rick, if there isn't enough space, do I need to delete what's already in the flash memory?

Richard Burts · ‎07-30-2007

Andy

In general yes if there is not enough space you would delete what is already in flash to make room. From one of your earlier postings this is what is in your flash:

System flash directory:

File Length Name/status

1 6171780 c837-k9o3y6-mz.123-2.XA.bin

[6171844 bytes used, 6148924 available, 12320768 total]

12288K bytes of processor board System flash (Read/Write)

and it indicates that the image file is the only thing in flash. The copy process can take care of that, so I would not suggest that you manually attempt to delete anything.

HTH

Rick

HTH

Rick

whiteford · ‎07-30-2007

Thanks Rick, ill give that a go.

It seems no one uses the adsm GUI on these 837's, since getting one out of the box and making so many changes I can't get back on the adsm is this normal0and is the adsm updated Ruth a newer image?