Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

1033 ICMP netmask obtained

I have received an Audition on my network with possible weakness or vulnerability for an attack. The description is the follow:

-----------------------------------------------------------------------------------------------------------

1033 ICMP netmask obtained

Risk Factor: Low

Complexity: Medium

Popularity: Obscure

Impact: Intelligence

Root Cause: Insecure Design

Ease of Fix: Moderate

Description: The netmask was obtained from the target host utilizing a capability present within the ICMP protocol. The ICMP protocol provides an operation to query a remote host for the network netmask.

Security Concerns: This information can assist an attacker in determining the internal structure of your network, as well as the routing scheme.

-----------------------------------------------------------------------------------------------------------

I have suggestions to block ICMP and the issue is solved. I want know if exist other possibility to protect my network without block ICMP. My network have a Core router 7500 Series with 02 international links and others small routers directly connected to it.

Tx for the help

2 REPLIES
New Member

Re: 1033 ICMP netmask obtained

you can configure "no ip mask-reply" under interfaces to stop this.

New Member

Re: 1033 ICMP netmask obtained

Ok do you know some other command that can apply for this warning without block ICMP service? :

----------------------------------------------------------------------------------

1032ICMP timestamp obtained

Risk Factor: Low

Complexity: Medium

Popularity: Obscure

Impact: Intelligence

Root Cause: Insecure Design

Ease of Fix: Moderate

Description: The system time was obtained from the target host utilizing a capability present within the ICMP protocol. The ICMP protocol provides an operation to query a remote host for the current system time.

Security Concerns: This information may be used by an attacker when attacking time based authentication protocols.

---------------------------------------------------------------------------------------------------------

I appreciate your help and Tx a lot.

112
Views
0
Helpful
2
Replies
CreatePlease to create content