Free DISA STIG and SRG Library | Vaulted

V-81713

The macOS system must not process Internet Control Message Protocol [ICMP] timestamp requests.

Finding ID
AOSX-13-001220
Rule ID
SV-96427r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000480-GPOS-00227
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

ICMP timestamp requests reveal information about the system and can be used to determine which operating system is installed. Precise time data can also be used to launch time-based attacks against the system. Configuring the system to drop incoming ICMPv4 timestamp requests mitigates these risks.

Fix Text

To disable ICMP timestamp responses, add the following line to "/etc/sysctl.conf", creating the file if necessary: net.inet.icmp.timestamp=0

Check Content

To check if the system is configured to process ICMP timestamp requests, run the following command: sysctl net.inet.icmp.timestamp If the value is not set to "0", this is a finding.