(02)異常管理 » 02_資安事件及異常紀錄

IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References

10.15.83.241,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows

to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:

Packet 1: 208146215

Packet 2: 208146324

",1.3.6.1.4.1.25623.1.0.80091,"",0cfbb196-43f1-40dd-a8cc-7fc23cbc0cf0,"15.83-2-4",2024-06-13T12:02:46+08:00,41aa0f07-5ff6-4390-8d69-89e3f94a6130,"A side effect of this feature is that the uptime of the remote

host can sometimes be computed.","To disable TCP timestamps on linux add the line

'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at

runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when

initiating TCP connections, but use them if the TCP peer that is initiating communication includes

them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by

RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in

between to the target IP. The responses are searched for a timestamps. If found, the timestamps

are reported.

Details:

TCP Timestamps Information Disclosure

(OID: 1.3.6.1.4.1.25623.1.0.80091)

Version used: 2023-12-16T00:10:08+08:00

","","","",""

10.15.83.254,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows

to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:

Packet 1: 208146702

Packet 2: 208146810

",1.3.6.1.4.1.25623.1.0.80091,"",0cfbb196-43f1-40dd-a8cc-7fc23cbc0cf0,"15.83-2-4",2024-06-13T12:02:45+08:00,175d85ff-40ad-43b9-980e-3cac82e3ea40,"A side effect of this feature is that the uptime of the remote

host can sometimes be computed.","To disable TCP timestamps on linux add the line

'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at

runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when

initiating TCP connections, but use them if the TCP peer that is initiating communication includes

them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by

RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in

between to the target IP. The responses are searched for a timestamps. If found, the timestamps

are reported.

Details:

TCP Timestamps Information Disclosure

(OID: 1.3.6.1.4.1.25623.1.0.80091)

Version used: 2023-12-16T00:10:08+08:00

","","","",""

10.15.83.230,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows

to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:

Packet 1: 208204658

Packet 2: 208204767

",1.3.6.1.4.1.25623.1.0.80091,"",0cfbb196-43f1-40dd-a8cc-7fc23cbc0cf0,"15.83-2-4",2024-06-13T12:02:45+08:00,3e00920a-4446-4093-b4b2-871a732cf095,"A side effect of this feature is that the uptime of the remote

host can sometimes be computed.","To disable TCP timestamps on linux add the line

'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at

runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when

initiating TCP connections, but use them if the TCP peer that is initiating communication includes

them in their synchronize (SYN) segment.

See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by

RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in

between to the target IP. The responses are searched for a timestamps. If found, the timestamps

are reported.

Details:

TCP Timestamps Information Disclosure

(OID: 1.3.6.1.4.1.25623.1.0.80091)

Version used: 2023-12-16T00:10:08+08:00

","","","",""

10.15.83.241,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:

- ICMP Type: 14

- ICMP Code: 0

",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",0cfbb196-43f1-40dd-a8cc-7fc23cbc0cf0,"15.83-2-4",2024-06-13T12:02:46+08:00,04d59cb8-d900-470d-99f6-95a02c10b1d8,"This information could theoretically be used to exploit weak

time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in

either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a

Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as

well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a

Timestamp Reply (Type 14) is received.

Details:

ICMP Timestamp Reply Information Disclosure

(OID: 1.3.6.1.4.1.25623.1.0.103190)

Version used: 2023-05-11T17:09:33+08:00

","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""

10.15.83.254,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:

- ICMP Type: 14

- ICMP Code: 0

",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",0cfbb196-43f1-40dd-a8cc-7fc23cbc0cf0,"15.83-2-4",2024-06-13T12:02:45+08:00,4e5c1a7e-b594-45a4-bd3c-f2d6283c8c84,"This information could theoretically be used to exploit weak

time-based random number generators in other services.","Various mitigations are possible:

- Disable the support for ICMP timestamp on the remote host completely

- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in

either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a

Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as

well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a

Timestamp Reply (Type 14) is received.

Details:

ICMP Timestamp Reply Information Disclosure

(OID: 1.3.6.1.4.1.25623.1.0.103190)

Version used: 2023-05-11T17:09:33+08:00

","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""