03-30-2012 06:21 AM
I have some new Itaniums (rx2800 i2) running OpenVMS 8.4, with TCPIP Services 5.7 and recent patches for both. We are running services SSH, SMTP, SNMP, NTP, and FTP service (the latter ONLY across a VPN). IPSEC was available but we disabled it for our site. It just gets in the way and we have no particular need for it anyway. We are also running Legato/Networker for site backups (looks like RPC though we don't specifically enable RCP service), and we have ORACLE (Client only) installed, which uses an SQLNet port outbound.
This is a USA Dept. of Defense site, so we have to go through some security hoops. One of our scans said it saw a packet of type "ICMP Timestamp Request" so at first we thought that was NTP. However, we did some web searching and found that in general, NTP doesn't use that particular packet type. So...
Does anyone know which protocols in the above configuration DO use ICMP Timestamp Request packets? By any chance does the TCPIP$NTP system on OpenVMS use this kind of packet even though the web search suggests otherwise?
Solved! Go to Solution.
04-02-2012 11:56 AM
Thanks, Hoff. I'll pass that along to my guys on the Network Security team. I'll also perhaps take a run at the RFC for SNMP to see what it uses.. That's a great starting point.
04-03-2012 10:11 AM - edited 04-03-2012 10:12 AM
Well, some bad news and some better news.
SNMP doesn't do it. According to the RFC it has a TCP-class packet for this purpose, so doesn't need an ICMP packet. I can't even find an RFC that seriously talks about this request other than describing its format. I haven't found an RFC to admit using it.
The better news is that with some serious digging, we found a note that if you use eEYE scan products, there is a chance that the ICMP Timestamp Request "finding" is a false positive that would not actually elicit a response through any channel other than "localhost" as a partner.
Thanks for looking, though, Hoff.