You can block this traffic from inside to outside in your network.
You can use an ACL to block it:
Check this example for ICMP: https://community.cisco.com/t5/switching/acl-for-icmp/td-p/1053521
Check this example for NTP: https://community.cisco.com/t5/routing/restrict-ntp-access/td-p/861842
ICMP is very dangerous for DDoS or DoS: A distributed-denial-of-service, or DDoS, attack is the bombardment of simultaneous data requests to a central server. The attacker generates these requests from multiple compromised systems.
In doing so, the attacker hopes to exhaust the target’s Internet bandwidth and RAM. The ultimate goal is to crash the target’s system and disrupt its business.
NTP: In summary, the attack is based on processing NTP Mode 7 requests from NTP clients that may elicit huge responses. While the requests are small (for example, in case of Mode 7, the request is only 8 bytes long), the response can grow up to 5,500 times that size due to amplification.
All of these vulnerabilities can crash your router by requesting a lot of RAM, CPU and bandwidth.
If you have an NTP service configured on your router and you don't tune it, you may have a vulnerability.
If you have any interface UP/UP that is allowed to external (Internet), you can receive a DoS or DDoS attack.
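The NTP point in the post above, as an added example that is not part of the original post: a small Python audit that reads the NTP mode from each payload, counts Mode 7 requests per client, and flags clients whose reply-to-request byte ratio shows amplification. The record layout, the function names, the threshold and all sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

def ntp_mode(payload: bytes) -> int:
    """Mode is the low three bits of byte 0 (3=client, 4=server, 6=control, 7=private)."""
    if not payload:
        raise ValueError("empty NTP payload")
    return payload[0] & 0x07

def is_mode7_request(payload: bytes) -> bool:
    """In Mode 7 the top bit of byte 0 is the response flag; clear means a request."""
    return len(payload) >= 8 and ntp_mode(payload) == 7 and not payload[0] & 0x80

def audit(records, ratio_threshold=10.0):
    """records: (direction, client_ip, payload); 'in' = to our NTP service, 'out' = from it.
    Returns findings for clients that sent Mode 7 requests or received amplified replies."""
    stats = defaultdict(lambda: {"in": 0, "out": 0, "mode7": 0})
    for direction, client, payload in records:
        if direction not in ("in", "out"):
            raise ValueError(f"unknown direction: {direction!r}")
        stats[client][direction] += len(payload)
        if direction == "in" and is_mode7_request(payload):
            stats[client]["mode7"] += 1
    findings = {}
    for client, s in stats.items():
        # Replies with no recorded request are treated as infinitely amplified.
        ratio = s["out"] / s["in"] if s["in"] else float("inf")
        if s["mode7"] or ratio > ratio_threshold:
            findings[client] = {"mode7_requests": s["mode7"], "ratio": ratio}
    return findings

# Constructed sample traffic (documentation addresses, zero-filled bodies).
NORMAL_REQ = bytes([0x23]) + bytes(47)    # version 4, mode 3, 48 bytes
NORMAL_RESP = bytes([0x24]) + bytes(47)   # version 4, mode 4, 48 bytes
MODE7_REQ = bytes([0x17]) + bytes(7)      # version 2, mode 7, 8-byte request
MODE7_RESP = bytes([0x97]) + bytes(439)   # response bit set, mode 7, 440 bytes

SAMPLE = [
    ("in", "192.0.2.10", NORMAL_REQ),
    ("out", "192.0.2.10", NORMAL_RESP),
    ("in", "198.51.100.7", MODE7_REQ),
] + [("out", "198.51.100.7", MODE7_RESP)] * 10

if __name__ == "__main__":
    for client, finding in audit(SAMPLE).items():
        print(client, finding)
```

A client flagged here is one whose source address an ACL or NTP access restriction on the router should not be serving Mode 7 replies to.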
Hi Jaderson Pessoa,
Thanks for the update.
I have checked the same vulnerabilities in the Cisco portal but couldn't find that these CVE IDs are hitting the running IOS. There are a lot of vulnerabilities present in the current running version except the mentioned CVE IDs.
Can you please clarify the same?
As I said, if you have these services configured without any parameters, you have a possible problem.