When I scan my server with the Tenable Nessus Vulnerability Scanner ( www.nessus.org ), I am cautioned that ICMP Timestamp Request/Reply are not blocked. How concerned should I be? Do I really need to block them? What do you reckon?
Output from the Nessus Vulnerability Scanner:
"It is possible to determine the exact time set on the remote host.
Description : The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols."