IP unreachable – Yes OR No?

umer zubairi
Level 1

Gents,

As we know, packets with an invalid/unreachable destination address received by a Cisco device can be discarded, and the device can further generate an 'ip unreachable' message to notify the sender about the unreachable host.

This can be helpful to prevent DoS/Smurf attacks, but at the same time the IP unreachable message contains Layer 3 information about the device, which can be used by an attacker to initiate malicious activity.

Now what's recommended from a purely security perspective? That's the core question.

With Regards & Respect,

Umer
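What an unreachable message discloses at Layer 3 can be seen by parsing one. The following is an added example, not part of the original post: it parses a constructed ICMP destination unreachable packet laid out per RFC 792. The addresses are documentation-range placeholders and all function names are hypothetical.

```python
import ipaddress
import struct

# Subset of ICMP type 3 (destination unreachable) codes from RFC 792 / RFC 1812.
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 13: "administratively prohibited"}

def parse_ipv4_header(buf):
    """Return (header_len, protocol, src, dst) for an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return ihl, buf[9], src, dst

def parse_unreachable(packet):
    """Parse an IPv4 packet carrying ICMP destination unreachable (type 3)."""
    ihl, proto, reporter, notified = parse_ipv4_header(packet)
    icmp = packet[ihl:]
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3:
        raise ValueError("not an ICMP destination unreachable message")
    # After the 8-byte ICMP header comes the offending packet's IP header
    # plus the first 8 bytes of its payload (RFC 792).
    _, _, orig_src, orig_dst = parse_ipv4_header(icmp[8:])
    return {"reporting_device": reporter,   # source address of the ICMP reply
            "notified_host": notified,
            "code": UNREACH_CODES.get(icmp[1], f"code {icmp[1]}"),
            "original_src": orig_src, "original_dst": orig_dst}

def build_sample():
    """Constructed sample (checksums left at zero, not validated here):
    192.0.2.1 tells 203.0.113.10 that 198.51.100.77 is unreachable."""
    def ip_hdr(proto, src, dst, total_len):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                           proto, 0, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    original = ip_hdr(17, "203.0.113.10", "198.51.100.77", 28) + bytes(8)
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + original
    return ip_hdr(1, "192.0.2.1", "203.0.113.10", 20 + len(icmp)) + icmp

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```

The `reporting_device` field is the source address of the ICMP reply, which is the address of the device that generated the message.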

 

1 Reply

Ganesh Hariharan
VIP Alumni

Hello Umer,

Have a look at the documentation link below, which explains the mitigation plans in depth.

http://www.cisco.com/web/about/security/intelligence/ttl-expiry.html

Hope it Helps..

-GI

Rate if it Helps..
