[nsp] Nachi WORM & ICMP floods of ICMP packets ..
Roger
grunky at rockriver.net
Thu Sep 25 13:20:57 EDT 2003
A less cpu intensive solution would be to add this route-map to your
edge routers.
The only downside is Windows clients use 92-byte ICMP packets to do
traceroutes. Other traceroute clients will be unaffected - UDP or ICMP.
#make acl
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply
#make a route-map to match the protocol and packet length - and drop them
route-map nachi-worm permit 10
match ip address 199
match length 92 92
set interface Null0
#apply to serial/atm interface to upstream provider
interface <incoming-interface>
ip policy route-map nachi-worm
To check status:
works#show route-map nachi-worm
route-map nachi-worm, permit, sequence 10
Match clauses:
ip address (access-lists): 199
length 92 92
Set clauses:
interface Null0
Policy routing matches: 3796973 packets, 372780904 bytes
This was basically taken from
www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801b143a.shtml
and condensed.
--
Rock River Internet Roger Grunkemeyer
202 W. State St, 8th Floor grunky at rockriver.net
Rockford, IL 61101 815-968-3888
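As an added illustration (not part of the original post or Cisco's code), the small Python model below applies the same two match clauses as the route-map above (access-list 199 plus "match length 92 92", an inclusive range on the Layer 3 packet length) to a few constructed packets, which makes the Windows tracert side effect the poster mentions visible. The packet sizes and ICMP type names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

# access-list 199 permit icmp any any echo / echo-reply (as in the post)
ACL_199 = {("icmp", "echo"), ("icmp", "echo-reply")}
# match length 92 92: inclusive min/max on the Layer 3 (IP total) length
MATCH_LENGTH = (92, 92)


@dataclass(frozen=True)
class Packet:
    proto: str                 # "icmp", "udp", "tcp"
    icmp_type: Optional[str]   # "echo", "echo-reply", ... or None for non-ICMP
    ip_total_length: int       # IP header + payload, in bytes


def acl_199_permits(pkt: Packet) -> bool:
    """True when the packet hits a permit line of access-list 199."""
    return (pkt.proto, pkt.icmp_type) in ACL_199


def length_matches(pkt: Packet) -> bool:
    """True when the IP total length falls inside the inclusive match range."""
    lo, hi = MATCH_LENGTH
    return lo <= pkt.ip_total_length <= hi


def route_map_action(pkt: Packet) -> str:
    """'Null0' when route-map nachi-worm seq 10 policy-routes the packet
    to Null0, otherwise 'forward' (normal routing)."""
    # Both match clauses must hold for the sequence's set clause to apply.
    if acl_199_permits(pkt) and length_matches(pkt):
        return "Null0"
    return "forward"


# Constructed sample traffic (assumed: 20-byte IP header + 8-byte ICMP header + payload).
SAMPLES = {
    "nachi probe (icmp echo, 64-byte payload)": Packet("icmp", "echo", 92),
    "windows tracert (icmp echo, 64-byte payload)": Packet("icmp", "echo", 92),
    "windows ping (icmp echo, 32-byte payload)": Packet("icmp", "echo", 60),
    "linux ping (icmp echo, 56-byte payload)": Packet("icmp", "echo", 84),
    "linux traceroute (udp probe)": Packet("udp", None, 60),
    "ttl-exceeded reply from a hop": Packet("icmp", "time-exceeded", 56),
}


def classify_samples() -> dict:
    """Map each constructed sample to the action the route-map would take."""
    return {name: route_map_action(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, action in classify_samples().items():
        print(f"{action:8} {name}")
```

Only the two 92-byte ICMP echo samples land on Null0; the UDP traceroute, the 60- and 84-byte pings and the time-exceeded replies are forwarded, which is the behaviour the post describes.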