[nsp] ICMP 8/0 filtering
Stephen Gill
gillsr at yahoo.com
Fri Jan 31 10:05:58 EST 2003
Generally filtering should be done as close as possible to the source.
However, I would not recommend blocking ALL ICMP. See:
http://www.cymru.com/Documents/icmp-messages.html
-- steve
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of odusseus
Sent: Friday, January 31, 2003 8:47 AM
To: cisco-nsp
Subject: [nsp] ICMP 8/0 filtering
Hi
I have three border routers (7200 VXR), two internal routers (Cat 6500),
and a set of firewall (PIX 515).
I don't want to be pingable from the Internet.
I would like to know at which place is the most clever to set a filter
that would stop ICMP 8/0:
ASBR, internal routers, or the firewall?
I am actually blocking 10000 pings per day from my firewall.
What majore change would it make if I would block this ICMP traffic by
the AS border routers?
Thank you.
Christophe
------------------------------------------
Faites un voeu et puis Voila ! www.voila.fr
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list