Hi Sgp, access-list 100 deny icmp any any ttl-exceeded
Trace route uses TTL (Time To Live), so if you block TTL-exceeded, I think this might stop the trace routes. HTH, Scott -----Original Message----- From: Sgp YH [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 04, 2001 12:57 AM To: [EMAIL PROTECTED] Subject: Deny trace route using ACL on Cisco router [7:28047] Hi guys/gals Can someone share with me the experience in configuring ACL to deny trace route from the Internet to the internal network. I am wondering what ports to deny as it keeps changing. Cheers __________________________________________________ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28086&t=28047 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]