Also, I want to state that blocking all ICMP may or may not be appropriate
depending on your level of paranoia.  Some useful info is relayed via
ICMP.  You may want to try something like this:

permit icmp from monitoring hosts
deny icmp echo requests
permit other icmp

There was an article in Sysadmin magazine a few months back that talked in
greater detail about ICMP types.

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Wed, 29 Aug 2001, John Neiberger wrote:

> Yep, Brian is right.  TCP and UDP echo are not the same as an ICMP echo
> request and echo reply.  In Cisco terminology they are called small
> servers and I really don't know what they're used for, except perhaps
> some troubleshooting.  They seem to be pretty useless and it's a good
> idea to turn them off.
>
> no service tcp-small-servers
> no service udp-small-servers
>
> Anyway, as your list is currently constructed, this traffic is what
> you're blocking, not ICMP.
>
> HTH,
> John
>
> >>> "Brian Whalen"  8/29/01 4:45:42 PM >>>
> think u wanna replace tcp with icmp to block pings..
>
> Brian "Sonic" Whalen
> Success = Preparation + Opportunity
>
>
> On Wed, 29 Aug 2001, Mr. Magoo wrote:
>
> > Hi List!
> >
> > I would like to know how I can block ICMP echos (Ping & Trace) for a
> > specific interface, allowing everything else. I tried the ACL below but it
> > didn't work. What am I doing wrong??
> >
> > Router-R2#sh run
> >
> > access-list 101 deny   tcp any any eq echo
> > access-list 101 deny   udp any any eq echo
> > access-list 101 permit ip any any
> >
> > interface Ethernet0
> >  ip address 192.168.0.101 255.255.255.0
> >  ip access-group 101 in
> >  ip access-group 101 out
> >
> > Router-R2#r1
> > Trying R1 (192.168.0.100)... Open
> > Router-R1#ping r2
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echoes to 192.168.0.101, timeout is 2 seconds:
> > !!!!!
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
> > Router-R1#
> >
> > Thanks in advance!!
> >
> > Magoo
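
Added example, not part of any post in this thread: a simplified Python model of first-match ACL evaluation, run over the ACL from the original question and over one possible IOS rendering of the three-rule policy in the top reply. The monitoring-host address 192.0.2.10, the `Packet` type and the helper names are assumptions; only protocol, source, port and ICMP type are modelled.

```python
"""Simplified first-match model of IOS-style extended ACL lines."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dport icmp_type", defaults=(None, None))
ICMP_TYPES = {"echo": 8, "echo-reply": 0}   # ICMP type numbers
PORTS = {"echo": 7}                         # TCP/UDP echo "small server" port
MONITOR = "192.0.2.10"                      # constructed monitoring-host address

ORIGINAL_ACL = """
access-list 101 deny   tcp any any eq echo
access-list 101 deny   udp any any eq echo
access-list 101 permit ip any any
"""
# Assumed IOS rendering of the three pseudo-rules in the top reply.
SUGGESTED_ACL = f"""
access-list 101 permit icmp host {MONITOR} any
access-list 101 deny   icmp any any echo
access-list 101 permit icmp any any
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume 'any' or 'host <addr>'; return the address, or None for any."""
    if tok.pop(0) == "any":
        return None
    return tok.pop(0)  # previous token was 'host'

def parse(acl_text):
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()[2:]               # drop 'access-list <number>'
        action, proto = tok.pop(0), tok.pop(0)
        src, _dst = _addr(tok), _addr(tok)   # destination is 'any' in every rule here
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        icmp_type = ICMP_TYPES[tok[0]] if tok and proto == "icmp" else None
        rules.append((action, proto, src, port, icmp_type))
    return rules

def evaluate(acl_text, pkt):
    """Return the action of the first matching rule, as the router would."""
    for action, proto, src, port, icmp_type in parse(acl_text):
        if (proto in ("ip", pkt.proto) and src in (None, pkt.src)
                and port in (None, pkt.dport) and icmp_type in (None, pkt.icmp_type)):
            return action
    return "deny"                            # implicit deny ends every ACL

ping = Packet("icmp", "192.168.0.100", icmp_type=8)   # R1 pinging R2, as in the question
print(evaluate(ORIGINAL_ACL, ping), evaluate(SUGGESTED_ACL, ping))
```

The original list lets the ping through because its only rule that matches ICMP is the final `permit ip any any`; the TCP and UDP rules match port 7 traffic, not ICMP type 8.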




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17771&t=17761