ScanAlert - Report - Thane

Overview - 63.109.13.1
Last Audit Date
Urgent Critical High Medium Low
Total
29-MAR-2007 08:34 0 0 0 0 1 1
Open Ports - 63.109.13.1
Port Protocol Service Banner
None
Vulnerabilities - 63.109.13.1
None
Information Disclosures - 63.109.13.1
ICMP TimeStamp Request
Port First Detected Category
0 05-OCT-2006 14:34 Other
Protocol Fix Difficulty Impact
ICMP Medium Information Disclosure
Description
The remote host appears to answer to an ICMP timestamp request.
This allows an attacker to obtain date and local time information set on your machine. This information could be useful in finding a way to
circumvent your time based authentication protocols.
Solution
Filter out the ICMP timestamp requests (ICMP type 13), and the outgoing ICMP timestamp replies (ICMP type 14).
BlackICE firewall: This option is not available in all versions; see Links for details. The following lines can be added to the firewall.ini file
under the [MANUAL ICMP...] section:
REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
Result
None
Links
BlackIce Admin Guide
BlackIce Block ICMP
Related
CVE CVE-1999-0524
Resolved Items - 63.109.13.1
Date 22-MAR-2007 12:43
Vulnerability
Resolved By
Incomplete Port Scan
John Pittinger
Port 0
Reason
The 63.109.13.1 is a router and will not be allowing port scans to be allowed. other than my DMZ port -80 443- 63.109.13.3 is
my PIX Device responsible for NAT xlation of my intranet devices. Neither device is a Web server. Thanks
Confidential - ScanAlert Security Audit Report
Page 6