On Fri, Oct 11, 2013 at 08:44:36AM +0600, ???? ??????? wrote:
> 2013/10/10 Philip Guenther <guent...@gmail.com>:
> > On Thu, Oct 10, 2013 at 4:30 AM, ???? ??????? <chipits...@gmail.com> wrote:
> >> I use ntp already.
> >
> > So everyone can predict what your machine would have sent in response
> > to an ICMP timestamp query, meaning that turning it off doesn't hide
> > anything.
> >
> >
> >> I am about to switch icmp timestamps off (security people are afraid
> >> of that setting),
> >
> > Cargo cult security.
> 
> it is known behavior of security people.
> 
> >
> >
> >> just curious what was the purpose of it.
> >
> > Oddly enough, the RFC that defines it (RFC792) has a reference about that.
> 
> by "purpose" I mean common use scenarios, like
> 
> "we enable ssh by default, because it is used in routine
> administration and automation tasks, not because of RFC"
> 
> "we enable icmp destination unreachable, because it is used commonly
> in PMTU mechanisms, not because it is mentioned in some RFC"
> 
> or you enable everything found in RFC ? you must be odd if so. I am
> not that odd.
> 

The better question is why block it? What is the attack vector?
You start with ICMP timestamps, next you block ICMP echo then all of ICMP
and by that break the internet. I waste way too much time with situations
where I can't debug network issues because people block important internet
control messages. So if there is not a well known threat (e.g. source
routing or the famous IPv6 rtr-0 header) it should not be disabled just
for a bit of a warm fuzzy feeling.

-- 
:wq Claudio
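
Added example, not part of the thread and not code from any poster: the point quoted above, that an NTP-synced host's ICMP timestamp reply is predictable, shown by building and parsing an RFC 792 Timestamp Reply whose timestamps are milliseconds since midnight UT. The function names, the identifier/sequence values and the two clock readings are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

DAY_MS = 86_400_000
TIMESTAMP_REPLY = 14  # RFC 792: type 13 is Timestamp, type 14 is Timestamp Reply

def ms_since_midnight_utc(when):
    """RFC 792 timestamp value: milliseconds since midnight UT."""
    t = when.astimezone(timezone.utc)
    return (t.hour * 3600 + t.minute * 60 + t.second) * 1000 + t.microsecond // 1000

def inet_checksum(data):
    """16-bit one's-complement sum used by ICMP (even-length input here)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_reply(ident, seq, originate, receive, transmit):
    """20-byte ICMP Timestamp Reply (ICMP header + three 32-bit timestamps)."""
    body = struct.pack("!BBHHHIII", TIMESTAMP_REPLY, 0, 0, ident, seq,
                       originate, receive, transmit)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_reply(packet):
    """Validate a Timestamp Reply and return (originate, receive, transmit)."""
    if len(packet) != 20:
        raise ValueError("timestamp reply must be 20 bytes")
    typ, code, _, _, _, orig, recv, xmit = struct.unpack("!BBHHHIII", packet)
    if typ != TIMESTAMP_REPLY or code != 0:
        raise ValueError("not an ICMP timestamp reply")
    if inet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    return orig, recv, xmit

def clock_offset_ms(reported, predicted):
    """Signed difference reported - predicted, folded across the midnight wrap."""
    return (reported - predicted + DAY_MS // 2) % DAY_MS - DAY_MS // 2

# Constructed sample: replying host and observer are both NTP-synced, 2 ms apart.
HOST_CLOCK = datetime(2013, 10, 10, 10, 30, 0, 123000, tzinfo=timezone.utc)
OBSERVER_CLOCK = datetime(2013, 10, 10, 10, 30, 0, 125000, tzinfo=timezone.utc)

def demo():
    now = ms_since_midnight_utc(HOST_CLOCK)
    packet = build_reply(ident=0x1234, seq=1, originate=now, receive=now, transmit=now)
    _, _, transmit = parse_reply(packet)
    return transmit, clock_offset_ms(transmit, ms_since_midnight_utc(OBSERVER_CLOCK))

if __name__ == "__main__":
    print(demo())
```

The reply carries nothing beyond the time of day, and the observer's own synced clock already predicts it to within the NTP error (2 ms in this constructed case).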
