PROTOCOL-ICMP Timestamp Request
This event is generated when an ICMP Timestamp request is made.
Information gathering. An ICMP Timestamp request can determine if a host is active.
An ICMP Timestamp request is used by the ping command to elicit an ICMP Timestamp reply from a listening live host. This rule alerts on a generic ICMP request where no payload is included in the message or the payload does not match more specific rules.
If ICMP type 8 (echo) traffic is filtered at a firewall, and attacker may try to use type 13 (timestamp) as an alternative.
Ease of attack
An ICMP Timestamp request may be used to legitimately troubleshoot networking problems.
Block inbound ICMP Timestamp requests.
- Original Rule Writer Unknown
- Cisco Talos
- Nigel Houghton
- Judy Novak
- Additional information by Steven Alexanderalexander.firstname.lastname@example.org