ICMP timestamp – firewall configured to drop timestamp request, but vulnerability scanner can send request and get a response
We use an external scanner (Qualys) to scan our external assets. We have a firewall in front of the external assets, but it is configured to whitelist the scanner so that the external assets get scanned in-depth. But the firewall is also configured to drop incoming ICMP timestamp requests, which the scanner is still able to send and get a timestamp request from the external assets behind the firewall.
We have consulted with the vendor, vendor conducted some scans and analysis on their end and replied the target response cannot be controlled by Qualys scan. The ICMP timestamp is an active QID means it is only flagged based on the target response. And yes, I can see the timestamp response with the actual timestamp replies for the scanned assets. So I am just wondering whether I am missing something here. Apologies in advance if it seems to be a silly question to ask :) Any guidance would be much appreciated.
