Gents,
As we know, packets with an invalid/unreachable destination address received by a Cisco device can be discarded, and the device can further generate an 'ip unreachable' message to notify the sender about the unreachable host.
This can be helpful to prevent DoS/Smurf attacks, but at the same time the IP unreachable message contains Layer 3 information of the device, which can be used by an attacker to initiate malicious activity.
Now what's recommended from a purely security perspective? That's the core question.
With Regards & Respect,
Umer