3.7 Disable Response to ICMP Broadcast Timestamp Requests - persistent ip = 0

Information

This setting controls whether Solaris will respond to ICMP broadcast timestamp requests.

Reduce attack surface by restricting this vector used for host discovery and to prevent denial of service attacks.

Solution

To enforce this setting, use the command:
# ipadm set-prop -p _respond_to_timestamp_broadcast=0 ip

See Also

https://workbench.cisecurity.org/files/612

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 0455a7de0d144b5c647de1c218f240c5bd2510f2de71a70079fbbdc1c4dc44e8