[c-nsp] icmp filtering

Paul Stewart pauls at nexicom.net
Mon Mar 14 12:46:01 EST 2005


We're noticing a dramatic increase in ICMP activity in our network this
morning...

Currently, we do not filter ICMP at all for fear that we may block legit
traffic needed for various things such as VPNs etc....

What's the general rule of thumb on this now?  I believe it's a number
of virus-infected dial-up clients or ADSL clients that are causing this
but can't confirm.

When I run a span-port and do a tcpdump on all ICMP traffic it's
averaging about 200 ICMP messages per second from all over the world
coming in and going out of our network.

Does anyone filter and perhaps have an access list they wouldn't mind
sharing?  I don't want to break anything for customers and we want to
permit traceroute/ping etc... it's more the non-legit traffic I'd like
to try and drop...

Thanks,

Paul

