Home page logo
/

nanog logo nanog mailing list archives

Re: Cisco filter question
From: Scott McGrath <mcgrath () fas harvard edu>
Date: Fri, 22 Aug 2003 12:27:30 -0400 (EDT)



Geo,

Look at your set interface Null0 command the rest is correct
you want to set the next hop to be Null0.  How to do this is left as an 
exercise for the reader.

                            Scott C. McGrath

On Fri, 22 Aug 2003, Geo. wrote:


Perhaps one of you router experts can answer this question. When using the cisco specified filter

 access-list 199 permit icmp any any echo
    access-list 199 permit icmp any any echo-reply
       
    route-map nachi-worm permit 10
      ! --- match ICMP echo requests and replies (type 0 & 8) 
      match ip address 199
    
      ! --- match 92 bytes sized packets
      match length 92 92
 
      ! --- drop the packet
      set interface Null0
       
    
    interface <incoming-interface>
      ! --- it is recommended to disable unreachables
      no ip unreachables
 
      ! --- if not using CEF, enabling ip route-cache flow is recommended
      ip route-cache policy
 
      ! --- apply Policy Based Routing to the interface
      ip policy route-map nachi-worm 

why would it not stop this packet

15 1203.125000 0003E3956600 AMERIC6625D4 ICMP Echo: From 216.144.20.69 To 216.144.00.27 216.144.20.69 216.144.0.27 IP 
FRAME: Base frame properties
    FRAME: Time of capture = 8/22/2003 11:54:16.859
    FRAME: Time delta from previous physical frame: 0 microseconds
    FRAME: Frame number: 15
    FRAME: Total frame length: 106 bytes
    FRAME: Capture frame length: 106 bytes
    FRAME: Frame data: Number of data bytes remaining = 106 (0x006A)
ETHERNET: ETYPE = 0x0800 : Protocol = IP:  DOD Internet Protocol
    ETHERNET: Destination address : 00C0B76625D4
        ETHERNET: .......0 = Individual address
        ETHERNET: ......0. = Universally administered address
    ETHERNET: Source address : 0003E3956600
        ETHERNET: .......0 = No routing information present
        ETHERNET: ......0. = Universally administered address
    ETHERNET: Frame Length : 106 (0x006A)
    ETHERNET: Ethernet Type : 0x0800 (IP:  DOD Internet Protocol)
    ETHERNET: Ethernet Data: Number of data bytes remaining = 92 (0x005C)
IP: ID = 0x848; Proto = ICMP; Len: 92
    IP: Version = 4 (0x4)
    IP: Header Length = 20 (0x14)
    IP: Precedence = Routine
    IP: Type of Service = Normal Service
    IP: Total Length = 92 (0x5C)
    IP: Identification = 2120 (0x848)
    IP: Flags Summary = 0 (0x0)
        IP: .......0 = Last fragment in datagram
        IP: ......0. = May fragment datagram if necessary
    IP: Fragment Offset = 0 (0x0) bytes
    IP: Time to Live = 124 (0x7C)
    IP: Protocol = ICMP - Internet Control Message
    IP: Checksum = 0x70D8
    IP: Source Address = 216.144.20.69
    IP: Destination Address = 216.144.0.27
    IP: Data: Number of data bytes remaining = 72 (0x0048)
ICMP: Echo: From 216.144.20.69 To 216.144.00.27
    ICMP: Packet Type = Echo
    ICMP: Echo Code = 0 (0x0)
    ICMP: Checksum = 0x82AA
    ICMP: Identifier = 512 (0x200)
    ICMP: Sequence Number = 7680 (0x1E00)
    ICMP: Data: Number of data bytes remaining = 64 (0x0040)
00000:  00 C0 B7 66 25 D4 00 03 E3 95 66 00 08 00 45 00   .À·f%Ô..ã•f...E.
00010:  00 5C 08 48 00 00 7C 01 70 D8 D8 90 14 45 D8 90   .\.H..|.pØؐ.Eؐ
00020:  00 1B 08 00 82 AA 02 00 1E 00 AA AA AA AA AA AA   ....‚ª....ªªªªªª
00030:  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA   ªªªªªªªªªªªªªªªª
00040:  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA   ªªªªªªªªªªªªªªªª
00050:  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA   ªªªªªªªªªªªªªªªª
00060:  AA AA AA AA AA AA AA AA AA AA                     ªªªªªªªªªª      



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]