
RE: Cisco filter question
From: Lucas Iglesias <l.iglesias () tiba com>
Date: Fri, 22 Aug 2003 14:55:47 -0300


The problem is simple. If you put 2 match entries in a single route-map entry,
it must match both of them to set the interface to Null0. If you'd like to
match all ICMP packets and also 92-length packets, try to do this:

route-map nachi-worm permit 10
 match ip address 199
 set interface Null0
! --- second entry needs its own sequence number; repeating 10 would add
! --- the length match to the first entry instead of creating a new one
route-map nachi-worm permit 20
 ! --- match length takes a min and a max
 match length 92 92
 set interface Null0

Good luck, tell me how it works.

-----Original Message-----
From: Geo. [mailto:georger () getinfo net]
Sent: Friday, 22 August 2003 01:17 p.m.
To: nanog () merit edu
Subject: Cisco filter question

Perhaps one of you router experts can answer this question. When using the
Cisco-specified filter

    access-list 199 permit icmp any any echo
    access-list 199 permit icmp any any echo-reply
    route-map nachi-worm permit 10
      ! --- match ICMP echo requests and replies (type 0 & 8)
      match ip address 199
      ! --- match 92 bytes sized packets
      match length 92 92
      ! --- drop the packet
      set interface Null0
    interface <incoming-interface>
      ! --- it is recommended to disable unreachables
      no ip unreachables
      ! --- if not using CEF, enabling ip route-cache flow is recommended
      ip route-cache policy
      ! --- apply Policy Based Routing to the interface
      ip policy route-map nachi-worm

Why would it not stop this packet?
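To see the match semantics Lucas describes, here is an added example (mine, not from the thread or from Cisco) that models route-map evaluation in Python and runs the quoted filter and the split-entry variant over constructed sample packets. The packet model, the sequence numbers 10/20 for the split variant and the sample packet sizes are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str        # "icmp", "tcp" or "udp"
    icmp_type: int    # 8 = echo, 0 = echo-reply; -1 for non-ICMP
    length: int       # IP datagram length in bytes

def acl_199(pkt):
    """access-list 199: permit icmp any any echo / echo-reply."""
    return pkt.proto == "icmp" and pkt.icmp_type in (0, 8)

def match_length(lo, hi):
    """match length <min> <max>: inclusive range, as in IOS."""
    return lambda pkt: lo <= pkt.length <= hi

def first_matching_entry(route_map, pkt):
    """Sequence number of the first entry whose match clauses ALL hold,
    or None when no entry matches and the packet is routed normally."""
    for seq, matches in sorted(route_map.items()):
        if all(m(pkt) for m in matches):
            return seq
    return None

# Cisco's filter as quoted in the thread: both matches sit in entry 10, so a
# packet must be ICMP echo/echo-reply AND 92 bytes long to reach Null0.
cisco_map = {10: [acl_199, match_length(92, 92)]}

# The same matches in separate entries (sequence numbers 10 and 20 assumed):
# either condition on its own sends the packet to Null0.
split_map = {10: [acl_199], 20: [match_length(92, 92)]}

# Constructed sample packets, not captures.
SAMPLE = {
    "nachi_ping":  Packet("icmp", 8, 92),    # what the filter is meant to catch
    "normal_ping": Packet("icmp", 8, 84),    # default-size ping
    "dns_reply":   Packet("udp", -1, 92),    # unrelated 92-byte UDP datagram
    "web":         Packet("tcp", -1, 1500),
}

def dropped_by(route_map):
    """Names of the sample packets that route_map would send to Null0."""
    return sorted(n for n, p in SAMPLE.items()
                  if first_matching_entry(route_map, p) is not None)

if __name__ == "__main__":
    print("cisco_map drops:", dropped_by(cisco_map))  # ['nachi_ping']
    print("split_map drops:", dropped_by(split_map))  # ['dns_reply', 'nachi_ping', 'normal_ping']
```

The single-entry form only discards ICMP echo traffic of exactly 92 bytes, while the split form also discards every other ICMP echo and every other 92-byte datagram that crosses the interface.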
