STIGQter STIGQter: STIG Summary: Apple OS X 10.13 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020: The macOS system must not process Internet Control Message Protocol [ICMP] timestamp requests.

DISA Rule

SV-96427r1_rule

Vulnerability Number

V-81713

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AOSX-13-001220

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To disable ICMP timestamp responses, add the following line to "/etc/sysctl.conf", creating the file if necessary:

net.inet.icmp.timestamp=0

Check Contents

To check if the system is configured to process ICMP timestamp requests, run the following command:

sysctl net.inet.icmp.timestamp

If the value is not set to "0", this is a finding.

Vulnerability Number

V-81713

Documentable

False

Rule Version

AOSX-13-001220

Severity Override Guidance

To check if the system is configured to process ICMP timestamp requests, run the following command:

sysctl net.inet.icmp.timestamp

If the value is not set to "0", this is a finding.

Check Content Reference

M

Target Key

3329

Comments