
IP unreachable – Yes OR No?

umer zubairi
Beginner

Gents,

As we know, packets with an invalid/unreachable destination address received by a Cisco device can be discarded, and the device can further generate an 'ip unreachable' message to notify the sender about the unreachable host.

This can be helpful to prevent DoS/Smurf attacks, but at the same time the IP unreachable message contains Layer 3 information of the device, which can be used by an attacker to initiate malicious activity.

Now what's recommended from a purely security perspective? That's the core question.

With Regards & Respect,

Umer

 

1 Reply

Ganesh Hariharan
VIP Alumni

Hello Umer,

Have a look at the documentation link below, which explains the mitigation plans in depth.

http://www.cisco.com/web/about/security/intelligence/ttl-expiry.html

Hope it Helps..

-GI

Rate if it Helps..
