ICMP Timestamps

HowTo Disable ICMP Timestamps on CentOS

ICMP Timestamps are not controlled with a sysctl kernel adjustment like tcp timestamps, but rather need to be filtered by your firewall. There are two types of ICMP timestamp packets, a timestamp-request and a timestamp-reply, both of which can be filtered with iptables (or firewalld example coming soon).

Drop ICMP timestamp-request with IPTables

iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP

Drop ICMP timestamp-reply with IPTables

iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP

Drop ICMP Timestamp Packets and Persist

You can persist this by adding the lines to your /etc/sysconfig/iptables file.

vi /etc/sysconfig/iptables

Append the following lines to the bottom.

-A INPUT -p ICMP --icmp-type timestamp-reply -j DROP
-A INPUT -p ICMP --icmp-type timestamp-request -j DROP

If you have not previously run the commands above manually, restart iptables to have it reload this configuration file to take affect.

/etc/init.d/iptables restart

You can test this is working properly with hping.

(Comments)

Comments