Hi List!
I would like to know how I can block ICMP echoes (Ping Trace) for a
specific interface, allowing everything else. I tried the ACL below but it
didn't work. What am I doing wrong??
Router-R2#sh run
access-list 101 deny tcp any any eq echo
access-list 101 deny udp any any eq echo
think u wanna replace tcp with icmp to block pings..
Brian Sonic Whalen
Success = Preparation + Opportunity
Thanks!!
- Original Message -
From: Brian Whalen
To: Mr. Magoo
Cc:
Sent: Wednesday, August 29, 2001 7:30 PM
Subject: Re: How do I filter ICMP? [7:17761]
Yep, Brian is right. TCP and UDP echo are not the same as an ICMP echo
request and echo reply. In Cisco terminology they are called small
servers and I really don't know what they're used for, except perhaps
some troubleshooting. They seem to be pretty useless and it's a good
idea to turn them
Also, want to state that blocking all ICMP may or may not be appropriate
depending on your level of paranoia. Some useful info is relayed via
ICMP. You may want to try something like this.
permit icmp from monitoring hosts
deny icmp echo requests
permit other icmp
There was an article in
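Added example, not part of the thread: a small first-match evaluator run over the two ACL lines visible in the first post and over the ordering outlined in the last post. The monitoring host 192.0.2.10, the sample source addresses, and the trailing "permit ip any any" (to cover "allowing everything else") are assumptions made for illustration.

```python
# Added example: first-match evaluation of extended ACL entries, modelling only
# protocol, source host, and ICMP type or TCP/UDP destination port.
ECHO_REQUEST = 8         # ICMP type matched by the IOS keyword "echo"
ECHO_PORT = 7            # TCP/UDP port matched by "eq echo" (small servers)
MONITOR = "192.0.2.10"   # constructed monitoring host (documentation range)

# Entry: (action, protocol, source host or None for any,
#         ICMP type / destination port or None for any, IOS form)
POSTED = [  # only the two lines visible in the post
    ("deny", "tcp", None, ECHO_PORT, "access-list 101 deny tcp any any eq echo"),
    ("deny", "udp", None, ECHO_PORT, "access-list 101 deny udp any any eq echo"),
]
SUGGESTED = [  # ordering from the last reply, plus an assumed final permit
    ("permit", "icmp", MONITOR, None,
     "access-list 101 permit icmp host 192.0.2.10 any"),
    ("deny", "icmp", None, ECHO_REQUEST, "access-list 101 deny icmp any any echo"),
    ("permit", "icmp", None, None, "access-list 101 permit icmp any any"),
    ("permit", "ip", None, None, "access-list 101 permit ip any any"),
]

def evaluate(acl, proto, src, qualifier=None):
    """Return (action, matching line) for the first entry that matches.

    qualifier is the ICMP type for ICMP packets and the destination port
    for TCP/UDP packets.
    """
    for action, r_proto, r_src, r_qual, line in acl:
        if r_proto not in ("ip", proto):
            continue          # "ip" matches every protocol
        if r_src is not None and r_src != src:
            continue
        if r_qual is not None and r_qual != qualifier:
            continue
        return action, line
    # Every IOS access list ends with an unwritten "deny ip any any".
    return "deny", "implicit deny at end of ACL"

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed non-monitoring source
    for name, acl in (("posted", POSTED), ("suggested", SUGGESTED)):
        for pkt in (("icmp", outside, ECHO_REQUEST), ("icmp", MONITOR, ECHO_REQUEST),
                    ("icmp", outside, 11), ("tcp", outside, 80)):
            print(name, pkt, "->", evaluate(acl, *pkt))
```

Neither posted entry ever matches an ICMP packet, and with only those two lines in the list all other traffic falls through to the implicit deny rather than being allowed.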