RE: [nsp] icmp blocking

• Next message: Gert Doering: "Re: [nsp] icmp blocking"
• Previous message: Rob Thomas: "Re: [nsp] icmp blocking"
• Maybe in reply to: Birsen Ozturk: "[nsp] icmp blocking"
• Next in thread: Shi, Ning: "RE: [nsp] icmp blocking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

I guess this is OK for enterprise network. Any good idea for ISP?

Regards,

-ns

-----Original Message-----
From: Rob Thomas [mailto:robt@cymru.com]
Sent: 28 March 2002 11:40 AM
To: Cisco List
Subject: Re: [nsp] icmp blocking

Hi, Birsen.

] I was looking for information about denying ICMP packets accross the
] backbone. What is the efficient/reccomended way of doing it? What are the

Hmm, I wouldn't block all ICMP. This can lead to other problems. ICMP
isn't just the hacker's protocol. :) Rate limiting is good, and I have
an example of that in my Secure IOS Template:

http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html

I have some thoughts on the filtering of ICMP at the edge here:

http://www.cymru.com/~robt/Docs/Articles/icmp-messages.html

I hope this helps!

Thanks,
Rob.

--
Rob Thomas
http://www.cymru.com/~robt
ASSERT(coffee != empty);

• Next message: Gert Doering: "Re: [nsp] icmp blocking"
• Previous message: Rob Thomas: "Re: [nsp] icmp blocking"
• Maybe in reply to: Birsen Ozturk: "[nsp] icmp blocking"
• Next in thread: Shi, Ning: "RE: [nsp] icmp blocking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:39 EDT