Cisco Support Community
Community Member

Security issues found on my Router during a scan

I need to know how to filter the ICMP timestamp requests (13) and the outgoing ICMP timestamp replies (14) on my 2600 series router.

How do I set NTP to restrict default access to ignore all info packets?

General TCP Warning: "The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host. This may be used for portscanning and other things."

"Solutions: Contact your vendor for a patch" Any suggestions or is this a problem?

Thanks,

1 REPLY
Cisco Employee

Re: Security issues found on my Router during a scan

To filter ICMP packets you'll need an access-list on your interface. Something like:

access-list 100 deny icmp any any timestamp-reply

access-list 100 deny icmp any any timestamp-request

access-list 100 permit ip any any

With NTP, you can do something like the following (not exactly what you mean by ignoring info packets, do you mean query packets from other NTP devices?):

ntp access-group serve-only 99

access-list 99 permit 1.1.1.1

access-list 99 permit 2.2.2.2

The "serve-only" keyword says only provide server access; you can also use "query-only" to only provide query access, or "peer" to provide full access.

For the last question, not sure if it's talking about this (http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml), but if it is then fixes for it have been available for quite a while. Keep in mind that this is only a problem for connections to the router itself; connections passing through the router are not affected.
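
An added example, not part of the original thread and not Cisco code: a small Python check over a running-config that confirms the ACL from the reply is applied inbound on each interface with `ip access-group`, that the timestamp-request deny is not shadowed by an earlier permit, and that `ntp access-group` points at a defined ACL. The interface names and addresses in the sample are constructed, and the matching is simplified to the exact entry forms shown in the reply.

```python
import re
# Constructed running-config: interface names and addresses are assumptions;
# the access-list and ntp lines are the ones posted in the reply.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 100 in
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
access-list 99 permit 1.1.1.1
access-list 99 permit 2.2.2.2
access-list 100 deny icmp any any timestamp-reply
access-list 100 deny icmp any any timestamp-request
access-list 100 permit ip any any
ntp access-group serve-only 99
"""

def blocks_timestamp_request(entries):
    """First match wins, so the deny must precede any broader permit."""
    for entry in entries:
        if re.match(r"(deny icmp any any timestamp-request|permit (ip|icmp) any any)$", entry):
            return entry.startswith("deny")
    return False

def audit(config):
    """Return findings for the ICMP-timestamp and NTP settings discussed above."""
    acls, inbound, ntp, iface = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends the interface context
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        if iface:
            inbound.setdefault(iface, None)
        if iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            inbound[iface] = m.group(1)
        elif m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"ntp access-group \S+ (\d+)", line):
            ntp.append(m.group(1))
    findings = []
    for name, acl in inbound.items():
        if acl is None:
            findings.append(f"{name}: no inbound ACL applied")
        elif not blocks_timestamp_request(acls.get(acl, [])):
            findings.append(f"{name}: ACL {acl} does not deny timestamp-request")
    findings += [] if ntp else ["ntp: no access-group configured"]
    findings += [f"ntp: ACL {a} is not defined" for a in ntp if a not in acls]
    return findings
```

The check looks at the inbound direction because IOS interface ACLs applied outbound do not filter packets the router itself originates; dropping the timestamp request (13) on the way in means no timestamp reply (14) is generated.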
