nanog mailing list archives
RE: 92 Byte ICMP Blocking Problem
From: "John Souvestre" <johns () sstar com>
Date: Sat, 13 Sep 2003 22:53:14 -0500
Hi. I've been running with the service policy version and haven't seen any problem either. I did notice that it seems to block DOS traceroutes, however. John John Souvestre - Southern Star - (504) 888-3348 - www.sstar.com -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of jlewis () lewis org Sent: Saturday, September 13, 2003 10:18 PM To: William Devine, II Cc: Nanog Subject: Re: 92 Byte ICMP Blocking Problem Importance: High That's really weird. I've been running with route-map nachiworm permit 10 match ip address nachilist match length 92 92 set interface Null0 ip access-list extended nachilist permit icmp any any echo permit icmp any any echo-reply ip policy route-map nachiworm on transit interfaces and the virtual-templates of all our access servers that can do it properly (just blocking echo/echo-reply on the older ones that can't do the policy) and haven't heard about any customer complaints other than "I can't ping" in the places where we've blocked all echo/echo-reply. The routers doing this (7200/7500)'s are all running 12.2(1-3)S. Access servers are running mostly 12.1M or 12.2XB code.
Current thread:
- 92 Byte ICMP Blocking Problem Richard J . Sears (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Chris Adams (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Steven M. Bellovin (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Chris Adams (Sep 12)
- Re: 92 Byte ICMP Blocking Problem William Devine, II (Sep 12)
- Re: 92 Byte ICMP Blocking Problem james (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Steve Carter (Sep 12)
- Re: 92 Byte ICMP Blocking Problem jlewis (Sep 13)
- RE: 92 Byte ICMP Blocking Problem John Souvestre (Sep 13)
- Re: 92 Byte ICMP Blocking Problem Steven M. Bellovin (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Chris Adams (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Chris Adams (Sep 12)
- <Possible follow-ups>
- Re: 92 Byte ICMP Blocking Problem Richard J . Sears (Sep 12)
- Re: 92 Byte ICMP Blocking Problem Mark Vevers (Sep 13)
- RE: 92 Byte ICMP Blocking Problem Mark Segal (Sep 15)