RE: denying pings

From: Don Taylor II (dontaylor2@xxxxxxxx)
Date: Fri Aug 10 2001 - 19:52:41 GMT-3


   
The echo-reply line will deny echoes coming back to you if you place it
inbound on the interface - probably not a good idea. If you place it
outbound, it will never be used since the echo-request will never enter the
router.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Daniel C. Young
Sent: Friday, August 10, 2001 3:21 PM
To: ccielab@groupstudy.com
Subject: acl: denying pings

Folks,

Pings require both ICMP type echo and echo-reply. If you want to deny pings,
would it make sense simply to deny echoes only? The reason being that if
echoes (requests) are never allowed, you will not even have any echo replies.
I know that lab proctors are in search of the shortest ACL possible. They will
burn you at the stake if you don't come up with it.

Consider:
access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply <-- Is this even necessary?
access-list 100 permit ip any any

What do you guys think?

Daniel C. Young
Sr. Network Engineer
(909) 221-1928 Direct
dan.young@sbc.com

SBC Internet Data Center
2681 Kelvin Ave.
Irvine, CA 92614
(949) 221-1900 Main
(949) 221-1978 Fax
**Please read:http://www.groupstudy.com/list/posting.html
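
Added example, not part of either message and not Cisco code: a small Python model of first-match ACL evaluation for pings that transit a router's outside interface, showing what each placement of the echo and echo-reply entries does and which entries are ever matched. The function names, ACL constants and the inside/outside topology are assumptions made for this example.

```python
ECHO, ECHO_REPLY = 8, 0   # ICMP type numbers
ANY = None                # entry that matches every packet

def check(acl, icmp_type, hits):
    """First-match evaluation; counts matches per entry index in `hits`."""
    for i, (action, match) in enumerate(acl):
        if match is ANY or match == icmp_type:
            hits[i] = hits.get(i, 0) + 1
            return action == "permit"
    return False          # implicit deny at the end of every ACL

def ping(origin, acl_in, acl_out):
    """Simulate one ping crossing the outside interface.

    origin="outside": request is checked inbound, reply outbound.
    origin="inside":  request is checked outbound, reply inbound.
    Returns (reply_received, inbound_hits, outbound_hits).
    """
    hits_in, hits_out = {}, {}
    legs = [(acl_in, hits_in), (acl_out, hits_out)]
    if origin == "inside":
        legs.reverse()
    (req_acl, req_hits), (rep_acl, rep_hits) = legs
    # The reply is only generated if the request got through.
    ok = check(req_acl, ECHO, req_hits) and check(rep_acl, ECHO_REPLY, rep_hits)
    return ok, hits_in, hits_out

# Constructed ACLs mirroring the entries discussed in the thread.
PERMIT_ALL = [("permit", ANY)]
DENY_ECHO = [("deny", ECHO), ("permit", ANY)]
DENY_BOTH = [("deny", ECHO), ("deny", ECHO_REPLY), ("permit", ANY)]
DENY_REPLY = [("deny", ECHO_REPLY), ("permit", ANY)]

if __name__ == "__main__":
    cases = [
        ("echo denied inbound", DENY_ECHO, PERMIT_ALL),
        ("echo + echo-reply denied inbound", DENY_BOTH, PERMIT_ALL),
        ("echo denied inbound, echo-reply denied outbound", DENY_ECHO, DENY_REPLY),
    ]
    for name, acl_in, acl_out in cases:
        for origin in ("outside", "inside"):
            ok, h_in, h_out = ping(origin, acl_in, acl_out)
            print(f"{name:48} ping from {origin:7}: "
                  f"{'reply' if ok else 'no reply'}  in={h_in} out={h_out}")
```

In the third case the outbound echo-reply entry (index 0) records no hits for pings from either side, while in the second case the inbound echo-reply entry is what stops inside hosts from getting replies to their own pings.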



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:48 GMT-3