This plugin seems to be generating false positives when used in conjunction with other firewall checks.
In particular, if another check running at the same time as 10114 returns an Administratively Prohibited (Type: 3 Code: 10) ICMP response, it is giving a positive response to the ICMP timestamp plugin. When used by itself, the vulnerability does not show up on servers which are actively blocking ICMP type 13 and Response type 14. A TCPdump of the plugin scan attempt captures no timestamp information whatsoever in either the scan test or the Type 3 response which generates the false positive. Has this been noted, or has anyone else witnessed a similar problem with this plugin? If so, is there a fix? Thanks, -- Clinton Watson Datawire Communication Networks Inc. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
