COMMAND

    kernel

SYSTEMS AFFECTED

    Linux 2.2.x, 2.4.x

PROBLEM

    Ofir Arkin found the following.  In previous advisories Ofir has
    already outlined the fact that Microsoft Windows 98/98 SE/ME and
    the Microsoft Windows 2000 family, which answer an ICMP Timestamp
    request with the code field set to zero, do not produce any reply
    when they are queried with an ICMP Timestamp request with the code
    field set to a value other than zero.

    When Ofir tried this on Linux machines based on kernel 2.2.x and
    2.4.x, he encountered a different pattern of behavior:

        20:10:18.138486 ppp0 > x.x.x.x > y.y.y.y: icmp: time stamp request (ttl 255, id 13170)
                         4500 0028 3372 0000 ff01 606c xxxx xxxx
                         yyyy yyyy 0d26 2e0c 7c04 0000 03af 451a
                         0000 0000 0000 0000
        20:10:18.354222 ppp0 < y.y.y.y > x.x.x.x: icmp: time stamp reply (ttl 243, id 15717)
                         4500 0028 3d65 0000 f301 6279 yyyy yyyy
                         xxxx xxxx 0e00 888b 7c04 0000 03af 451a
                         0422 4e31 0422 4e31

    Linux zeroes out the code field in its ICMP Timestamp reply.
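
    The following is an added example, not part of the original
    advisory: it decodes the ICMP portion of the two packets in the
    capture above, verifies their checksums, and classifies how the
    responder treated the code field.  The function names and the
    detection rule are hypothetical, chosen for illustration.

```python
import struct

# ICMP portions of the two packets in the capture above (the 20 bytes that
# follow the IP header; the masked x/y address bytes are not needed).
REQUEST = bytes.fromhex("0d26 2e0c 7c04 0000 03af 451a 0000 0000 0000 0000")
REPLY = bytes.fromhex("0e00 888b 7c04 0000 03af 451a 0422 4e31 0422 4e31")

TS_REQUEST, TS_REPLY = 13, 14  # ICMP types from RFC 792


def checksum_ok(msg):
    """A valid ICMP message sums to 0xffff in 16-bit one's-complement."""
    if len(msg) % 2:
        msg += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(msg) // 2), msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_timestamp(msg):
    """Decode an ICMP Timestamp request or reply into a dict."""
    if len(msg) < 20:
        raise ValueError("ICMP Timestamp messages are 20 bytes long")
    names = ("type", "code", "cksum", "id", "seq", "orig", "recv", "xmit")
    fields = dict(zip(names, struct.unpack("!BBHHHIII", msg[:20])))
    if fields["type"] not in (TS_REQUEST, TS_REPLY):
        raise ValueError("not an ICMP Timestamp message")
    return fields


def is_nonzero_code_request(msg):
    """Hypothetical detection rule: Timestamp request with code != 0."""
    f = parse_timestamp(msg)
    return f["type"] == TS_REQUEST and f["code"] != 0


def reply_code_behavior(request, reply):
    """Classify how the responder treated the request's code field."""
    req, rep = parse_timestamp(request), parse_timestamp(reply)
    if rep["type"] != TS_REPLY or (rep["id"], rep["seq"]) != (req["id"], req["seq"]):
        raise ValueError("reply does not match request")
    return "echoed" if rep["code"] == req["code"] else "zeroed" if rep["code"] == 0 else "changed"


if __name__ == "__main__":
    print(parse_timestamp(REQUEST), checksum_ok(REQUEST))
    print(reply_code_behavior(REQUEST, REPLY))
```

    Both checksums validate, so the code byte 0x26 in the request and
    0x00 in the reply are what was actually on the wire.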

SOLUTION

    This is an inconsistency in Linux behavior, since when an ICMP
    Echo request is sent with the code field set to a value other than
    zero, Linux echoes the value back.  Nothing yet.