[c-nsp] blocking icmp type 3 code 3

Aaron aaron1 at gvtc.com
Wed Jul 17 15:22:07 EDT 2013

Are there well-known attacks that produce a mass amount of ICMP type 3
(destination unreachable) code 3 (port unreachable)?


I've seen things like this in NetFlow lately. NO prior communications from
my host(s) BUT I see the response of ICMP 3 3. Leads me to believe someone
is spoofing as coming from my network and thus causing ICMP 3 3's to come
back my way.


How to mitigate / combat this?


What if I ACL deny ICMP 3 3 inbound? Downsides?
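
The check described in the post above, as an added example that is not part of the original message: it scans flow records for inbound ICMP type 3 code 3 that has no matching outbound flow from the local host to that remote in the preceding window. The flow tuples, the 192.0.2.0/24 "local" prefix, the 60-second window and the function names are assumptions; the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NETS = [ip_network("192.0.2.0/24")]  # assumption: stands in for "my network"
WINDOW = 60                                # assumed seconds an outbound flow may precede the error
ICMP = 1
# NetFlow v5 exports ICMP type/code in the destination-port field as type*256+code.
PORT_UNREACH = (3 << 8) | 3                # type 3, code 3 -> 771

# Constructed sample flows: (epoch_sec, src, dst, ip_proto, dst_port)
FLOWS = [
    (100, "192.0.2.10", "198.51.100.5", 17, 33434),  # local host really sent UDP
    (101, "198.51.100.5", "192.0.2.10", 1, 771),     # solicited port unreachable
    (200, "203.0.113.7", "192.0.2.20", 1, 771),      # no prior outbound flow
    (201, "203.0.113.8", "192.0.2.20", 1, 771),      # no prior outbound flow
    (202, "203.0.113.9", "192.0.2.21", 1, 771),      # no prior outbound flow
    (300, "198.51.100.5", "192.0.2.10", 1, 771),     # outbound flow too old (200 s)
    (305, "203.0.113.7", "192.0.2.20", 1, 2048),     # echo request (8/0), not 3/3
]

def is_local(addr):
    ip = ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def unsolicited_port_unreachables(flows, window=WINDOW):
    """Inbound ICMP 3/3 flows with no local->remote flow in the prior window."""
    last_out = {}  # (local, remote) -> timestamp of latest outbound flow
    hits = []
    for ts, src, dst, proto, dport in sorted(flows):
        if is_local(src) and not is_local(dst):
            last_out[(src, dst)] = ts
        elif proto == ICMP and dport == PORT_UNREACH and is_local(dst):
            seen = last_out.get((dst, src))
            if seen is None or ts - seen > window:
                hits.append((ts, src, dst))
    return hits

def per_host_counts(hits):
    """Count unsolicited 3/3 flows per local destination address."""
    counts = defaultdict(int)
    for _, _, dst in hits:
        counts[dst] += 1
    return dict(counts)

if __name__ == "__main__":
    hits = unsolicited_port_unreachables(FLOWS)
    for host, n in sorted(per_host_counts(hits).items()):
        print(f"{host}: {n} unsolicited ICMP 3/3 flows")
```

The flow at t=101 is the solicited case: a stateless inbound deny of ICMP 3/3 would drop it along with the unsolicited ones.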



