I guess this is OK for enterprise network. Any good idea for ISP?
Regards,
-ns
-----Original Message-----
From: Rob Thomas [mailto:robt@cymru.com]
Sent: 28 March 2002 11:40 AM
To: Cisco List
Subject: Re: [nsp] icmp blocking
Hi, Birsen.
] I was looking for information about denying ICMP packets accross the
] backbone. What is the efficient/reccomended way of doing it? What are the
Hmm, I wouldn't block all ICMP. This can lead to other problems. ICMP
isn't just the hacker's protocol. :) Rate limiting is good, and I have
an example of that in my Secure IOS Template:
http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
I have some thoughts on the filtering of ICMP at the edge here:
http://www.cymru.com/~robt/Docs/Articles/icmp-messages.html
I hope this helps!
Thanks,
Rob.
-- Rob Thomas http://www.cymru.com/~robt ASSERT(coffee != empty);
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT