Question
How do I prevent AIX from replying to ICMP timestamp requests?
Answer
ICMP timestamp requests and replies can be blocked using ip filters.
The filesets for ip filters (ipfl.rte and ipfl.man.en_US) can be found on the AIX 5.3 and AIX 6.1 Expansion Pack media. Once the filesets are installed, you will need to create a configuration file for ipf
# vi /etc/ipf.conf
# Block ICMP timestamp requests and replies
block in log proto icmp from any to any icmp-type 13 #timestamp
block in log proto icmp from any to any icmp-type 14 #timestamp reply
Load the IP filter kernel extension
# /usr/lib/methods/cfg_ipf -l
Load the IP filter rules
# ipf -f /etc/ipf.conf
Confirm the rules were loaded
# ipfstat -i
block in log proto icmp from any to any icmp-type timest
block in log proto icmp from any to any icmp-type timestrep
Start the IP filter logging daemon, if desired
# /usr/sbin/ipmon -s -D
To load the IP filter kernel extension and rules at boot, you can create a script to be called from the inittab
# vi /etc/rc.ipf
#!/bin/ksh
#
# Script to load ip filter kernel extension,
# filter rules, and logging
#
# Load IPFilter into kernel
/usr/lib/methods/cfg_ipf -l
# Load ipmon and log to syslog
/usr/sbin/ipmon -s -D
# Load IP filter rules
/usr/sbin/ipf -Fa -f /etc/ipf.conf
# chmod 755 /etc/rc.ipf
Then add an entry to the inittab to execute the script at run level 2
# mkitab "rcipf:2:once:/etc/rc.ipf > /dev/console 2>&1 # Load IP Filter"
ipmon will send messages to syslog using the local0 facility. If you wish to log those messages, you can configure syslog to do so.
# vi /etc/syslog.conf
Add the following line:
local0.debug /var/adm/local0.log
# touch /var/adm/local0.log
# refresh -s syslogd
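To check from a script (for example after a reboot) that both timestamp rules are really loaded, the output of ipfstat -i can be tested. The function below is an added example, not part of the original answer; check_ts_rules is a hypothetical helper name, and it assumes rule lines in the form shown above, with the ICMP type given either as a number (13, 14) or as the name ipfstat prints (timest, timestrep).

```shell
#!/bin/sh
# Added example: confirm that inbound block rules exist for ICMP
# timestamp request (type 13, "timest") and reply (type 14, "timestrep").
# Reads rule text on stdin, e.g.:
#   ipfstat -i | check_ts_rules
#   check_ts_rules < /etc/ipf.conf
# check_ts_rules is a hypothetical helper, not a tool shipped with ipf.
# Presence check only: it does not evaluate rule order.

check_ts_rules() {
    awk '
    {
        sub(/#.*/, "")                 # drop comments, including whole-line ones
        if ($1 != "block" || $2 != "in") next
        is_icmp = 0; t = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "proto" && $(i+1) == "icmp") is_icmp = 1
            if ($i == "icmp-type") t = $(i+1)
        }
        if (!is_icmp) next
        if (t == "13" || t == "timest")    req = 1
        if (t == "14" || t == "timestrep") rep = 1
    }
    END {
        if (!req) print "MISSING: block in ... icmp-type 13 (timestamp request)"
        if (!rep) print "MISSING: block in ... icmp-type 14 (timestamp reply)"
        exit !(req && rep)             # status 0 only when both rules are present
    }'
}
```

The function returns 0 when both rules are found and 1 otherwise, printing which one is missing. ipf applies the last matching rule unless the quick keyword is used, so a later pass rule for the same traffic can still override these blocks.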