Dear All,

we have got an ITSec question regarding above mentioned CVE. Our AAC (version 10.0.8.0 + IF2) server has responding :-D such ICMP requests.

Did you have any idea  / solution for this? Can we simple ignore this "alert"? 

Note that CVE-1999-0524 is about two things:  timestamp requests and netmask requests.

Timestamp requests are a bit of a non-issue, since you can assume NTP is being used, so you "know" what time it is on the machines (to the millisecond) without even asking for it. 

Netmask requests are problematic since they allow an adversary to map your internal networks, but if you're segmented enough, and the routers/firewalls are dropping the ICMP types 13, 14, 17, and 18, you'll only be able to asks for the netmask from a machine on the same subnet (which already knows the netmask), therefore the response gives no answer that isn't already known.

# Disable responses to timestamp requests
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Or use iptables/nftables:
iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP

To add the first to the appliance you'd use the following advanced tuning parameter:
Key: sysctl.net.ipv4.icmp_ignore_bogus_error_responses

Value: 1

This is the entry in the 'iswga/sysctl.txt' file that shows the output of all these System properties:
net.ipv4.icmp_ignore_bogus_error_responses = 1