DENY ICMP Command???

Status
Not open for further replies.

quell

IS-IT--Management
Nov 8, 2002
363
US
I run a Cisco 2620 router, ver 12.1. I do not want people on the outside to be able to ping my router. I cannot find the command anywhere in order to do this. Can someone help me?
Thank you
 
Hi Quell,

Simple command;

access-list 100 deny icmp any <ip address> 0.0.0.0
access-list 100 permit ip any any

Apply this access-list on the incoming interface using;

ip access-group 100 in


If you want to allow only those connections to come into the network which are originally initiated from inside the network, then;

access-list 100 permit tcp any any established


That's all....

Cheers,
Rajesh
 
There is a better way to do this. With just a deny, there will be a message sent back to the sender saying it was administratively denied. This is not what you want to tell someone scoping you out.

access-list 107 deny icmp any any echo log

This will suppress the outgoing message (echo) and then log it if you are so inclined to see who is pinging you. Any more there are so many wannabe scriptkiddies, it's too much to track.

MikeS




Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
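
The two answers above combined into one inbound ACL, as an added example that is not part of the original posts. The outside interface name Serial0/0 is an assumption; the `no ip unreachables` line is an addition that stops the router from returning "administratively prohibited" messages for packets the ACL denies.

```cisco
! Added example; Serial0/0 as the outside interface is an assumption.
!
! Drop inbound echo requests (ping) and log each match.
access-list 107 deny   icmp any any echo log
! Every ACL ends in an implicit "deny ip any any". Without an explicit
! permit, applying the single deny line would drop all inbound traffic.
access-list 107 permit ip any any
!
! Apply the list inbound on the outside interface and stop the router
! from answering denied packets with ICMP unreachables.
interface Serial0/0
 ip access-group 107 in
 no ip unreachables
!
! Verify from exec mode:
!   show access-lists 107         (per-line match counters)
!   show ip interface Serial0/0   (inbound ACL and unreachables state)
```

`no ip unreachables` also stops "fragmentation needed" messages on that interface, which can interfere with path MTU discovery for traffic routed through it.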
 