ICMP Packet Filtered responses

If you don’t enter:

no ip unreachables

in the router’s configuration and then apply an access list denying certain traffic (e.g. ICMP echo requests), the router won’t drop the packets “silently”. Instead it responds to the sender with an ICMP Packet Filtered message, de facto disclosing its presence in the network (which we often don’t want when the access list is supposed to simply drop packets).

Update: the above command may be a starting point for further investigation if you get responses similar to the following while pinging your device from another Cisco router:

Router#ping XXX.XXX.XXX.XXX

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to XXX.XXX.XXX.XXX, timeout is 2 seconds:
.U.U.
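To find where this applies on a device, the following added example (not part of the original post) scans an IOS-style running-config for interfaces that have an access list applied but lack `no ip unreachables`. The sample configuration, interface names and ACL names are constructed; the script assumes the command appears under the interface stanza, as it does in a running-config, and it skips interfaces that are shut down.

```python
import re

# Constructed sample of an IOS-style running-config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group BLOCK-ICMP in
!
interface GigabitEthernet0/1
 ip access-group DMZ-IN in
 no ip unreachables
!
interface GigabitEthernet0/3
 ip access-group OLD-ACL out
 shutdown
!
ip access-list extended BLOCK-ICMP
 deny icmp any any echo
"""

ACL_RE = re.compile(r"^ip access-group (\S+) (in|out)$")


def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level command closes the stanza
    return interfaces


def find_disclosing_interfaces(config):
    """(interface, acl, direction) for ACLs on interfaces that still send unreachables."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "no ip unreachables" in cmds:
            continue  # interface is down, or already drops filtered packets silently
        for m in filter(None, map(ACL_RE.match, cmds)):
            findings.append((name, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for name, acl, direction in find_disclosing_interfaces(SAMPLE_CONFIG):
        print(f"{name}: ACL {acl} ({direction}) applied without 'no ip unreachables'")
```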