[c-nsp] blocking icmp type 3 code 3
Aaron
aaron1 at gvtc.com
Wed Jul 17 15:22:07 EDT 2013

Are there well-known attacks that produce a mass amount of icmp type 3
(destination unreachable) code 3 (port unreachable)?

I've seen things like this in netflow lately. NO prior communications from
my host(s) BUT I see the response of icmp 3 3. Leads me to believe someone
is spoofing as coming from my network and thus causing icmp 3 3's to come
back my way.

How to mitigate / combat this?

What if I acl deny icmp 3 3 inbound? Downsides?

Aaron
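
The check described in the message above (ICMP 3/3 arriving with no prior traffic from the local host), written as an added example that is not part of the original post. The record field names, the 60-second window, the sample addresses, and the assumption that the exporter encodes ICMP type/code in the destination-port field as NetFlow v5 does are this example's own.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Flow record with fields a NetFlow v5 export carries (names are this example's own).
Flow = namedtuple("Flow", "ts src dst proto sport dport")

ICMP, UDP = 1, 17
# NetFlow v5 puts ICMP type/code in the destination-port field: type * 256 + code.
PORT_UNREACHABLE = 3 * 256 + 3   # 771

def unsolicited_port_unreachables(flows, my_net, window=60):
    """Return inbound ICMP 3/3 flows with no earlier outbound UDP flow
    from the local host to the ICMP sender within `window` seconds."""
    net = ip_network(my_net)
    last_udp_out = {}   # (local host, remote host) -> time of last outbound UDP
    flagged = []
    for f in sorted(flows, key=lambda f: f.ts):
        src_local = ip_address(f.src) in net
        dst_local = ip_address(f.dst) in net
        if f.proto == UDP and src_local and not dst_local:
            last_udp_out[(f.src, f.dst)] = f.ts
        elif (f.proto == ICMP and f.dport == PORT_UNREACHABLE
              and dst_local and not src_local):
            seen = last_udp_out.get((f.dst, f.src))
            if seen is None or f.ts - seen > window:
                flagged.append(f)
    return flagged

def top_targets(flagged):
    """Count flagged ICMP flows per local address, most-hit first."""
    counts = {}
    for f in flagged:
        counts[f.dst] = counts.get(f.dst, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample flows (documentation address ranges), not data from the post.
SAMPLE = [
    Flow(100, "192.0.2.10", "198.51.100.7", UDP, 40000, 53),
    Flow(101, "198.51.100.7", "192.0.2.10", ICMP, 0, 771),  # answers the flow above
    Flow(105, "203.0.113.5", "192.0.2.20", ICMP, 0, 771),   # no outbound UDP seen
    Flow(106, "203.0.113.6", "192.0.2.20", ICMP, 0, 771),   # no outbound UDP seen
    Flow(300, "198.51.100.7", "192.0.2.10", ICMP, 0, 771),  # outside the 60 s window
]

if __name__ == "__main__":
    hits = unsolicited_port_unreachables(SAMPLE, "192.0.2.0/24")
    for host, n in top_targets(hits):
        print(f"{host}: {n} unsolicited ICMP 3/3 flows")
```
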