Information
The Routing Engine should not return Timestamp information to Ping Requests
Rationale:
When the Timestamp Request option is set in a Echo Request (ping) packet, a host generally responds with its current system time when the ping is received.
Attackers may use Echo Requests with the Timestamp option set during recognizance of a network to obtain details of the configuration and state.
The use of these options is largely deprecated, with no valid usage in almost all modern networks; therefore, the JUNOS Device should be configured not to return the Timestamp in ICMP Echo Responses.
Impact:
ICMP Echo Requests (pings) with the Request Timestamp Option set will still receive a response (unless blocked elsewhere), but the JUNOS Device will not return the additional Timestamp information.
Solution
To ignore Echo Requests with the Timestamp Request option set, issue the following command from the [edit system] hierarchy;
[edit system]
user@host#set no-ping-time-stamp
Default Value:
By default the Routing Engine responds to Echo Requests with the Timestamp Request option set, including the current system time of the router.