In some VM scans I notice that a lot of servers are tagged with a curious vulnerability: ICMP Timestamp.
Due to a long history, some of the servers are indeed providing this information. I was able to lock down all ICMP at the firewall level, allowing only ICMP ECHO (Type 8: echo-request) so that users can ping some servers from the Internet.
So, blocking every type of ICMP and allowing only Type 8 should be able to block Type 13 (ICMP timestamp)...
And it was: from the Internet, all the scanned IPs are dropped by the firewall. However, when Qualys scans the IPs, they are still tagged as vulnerable...
So, my question is: is it a false positive? Or is there a different way to perform an ICMP timestamp with ICMP Type 8 enabled?
Does this happen to anyone else?
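The following is an added example, not part of the original post: a simplified Python model of the policy described above (accept ICMP Type 8 only), applied to constructed RFC 792 messages, plus a parser for the Type 14 reply that a timestamp finding is based on. The function names, the identifier/sequence values and the sample timestamps are assumptions made for illustration.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY = 8, 13, 14
ALLOWED_INBOUND_TYPES = {ICMP_ECHO_REQUEST}  # the policy described in the post

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, ident: int, seq: int, body: bytes) -> bytes:
    """Build an ICMP message: type, code 0, checksum, identifier, sequence, body."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + body)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + body

def firewall_verdict(icmp_message: bytes) -> str:
    """Model of a type-based ICMP filter; it also drops malformed messages."""
    if len(icmp_message) < 8 or checksum(icmp_message) != 0:
        return "drop"
    return "accept" if icmp_message[0] in ALLOWED_INBOUND_TYPES else "drop"

def parse_timestamp_reply(icmp_message: bytes):
    """Return the three 32-bit timestamps of a Type 14 reply, else None."""
    if len(icmp_message) < 20 or icmp_message[0] != ICMP_TIMESTAMP_REPLY:
        return None
    orig, recv, xmit = struct.unpack("!III", icmp_message[8:20])
    return {"originate_ms": orig, "receive_ms": recv, "transmit_ms": xmit}

# Constructed sample messages (timestamps are milliseconds since midnight UTC).
ECHO = build_icmp(ICMP_ECHO_REQUEST, 0x1234, 1, b"constructed-ping")
TS_REQUEST = build_icmp(ICMP_TIMESTAMP_REQUEST, 0x1234, 1,
                        struct.pack("!III", 43_200_000, 0, 0))
TS_REPLY = build_icmp(ICMP_TIMESTAMP_REPLY, 0x1234, 1,
                      struct.pack("!III", 43_200_000, 43_200_123, 43_200_123))

if __name__ == "__main__":
    for name, msg in (("echo-request", ECHO), ("timestamp-request", TS_REQUEST)):
        print(f"type {msg[0]:>2} {name}: {firewall_verdict(msg)}")
    print("reply discloses:", parse_timestamp_reply(TS_REPLY))
```

In this model a Type 13 request is dropped while a Type 8 request is accepted, which matches the behaviour the post reports for traffic coming from the Internet.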