1

It would seem like ICMP timestamping is quite a useful feature for troubleshooting networks with asymmetric paths.

Replies to icmp(4) timestamp requests are generated by the kernel:

  • On OpenBSD, the feature is controlled by sysctl net.inet.icmp.tstamprepl, which is enabled by default.

  • FreeBSD even has no option to disable only the timestamp feature of ICMP (see case ICMP_TSTAMP in icmp_input())

On OS X, the respective setting is net.inet.icmp.timestamp, which is specifically disabled by default. Why?

Community
  • 1
cnst
  • 1,884
  • 2
  • 19
  • 30

1 Answers1

2

The ICMP timestamp response contains the remote host's date and time. This information could theoretically be used against some systems to exploit weak time-based random number generators in other services

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
  • But most modern systems have clocks set to the same time within a few seconds -- and I think Mac OS X even synchronizes using NTP by default. – user1686 Nov 27 '13 at 12:20