[61073] in North American Network Operators' Group
RE: Cisco filter question
daemon@ATHENA.MIT.EDU (Michel Py)
Fri Aug 22 13:08:14 2003
Date: Fri, 22 Aug 2003 10:02:11 -0700
From: "Michel Py" <michel@arneill-py.sacramento.ca.us>
To: "Geo." <georger@getinfo.net>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Instead of:
> set interface Null0
Use: set ip next-hop 10.255.255.254
_and_
ip route 10.255.255.254 255.255.255.255 Null0 name BLACKHOLE
Michel.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Geo.
Sent: Friday, August 22, 2003 9:17 AM
To: nanog@merit.edu
Subject: Cisco filter question
Perhaps one of you router experts can answer this question. When using the Cisco-specified filter
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply

route-map nachi-worm permit 10
! --- match ICMP echo requests and replies (type 0 & 8)
match ip address 199

! --- match 92 bytes sized packets
match length 92 92

! --- drop the packet
set interface Null0


interface <incoming-interface>
! --- it is recommended to disable unreachables
no ip unreachables

! --- if not using CEF, enabling ip route-cache flow is recommended
ip route-cache policy

! --- apply Policy Based Routing to the interface
ip policy route-map nachi-worm
Why would it not stop this packet?
15 1203.125000 0003E3956600 AMERIC6625D4 ICMP Echo: From 216.144.20.69 To 216.144.00.27 216.144.20.69 216.144.0.27 IP
FRAME: Base frame properties
FRAME: Time of capture = 8/22/2003 11:54:16.859
FRAME: Time delta from previous physical frame: 0 microseconds
FRAME: Frame number: 15
FRAME: Total frame length: 106 bytes
FRAME: Capture frame length: 106 bytes
FRAME: Frame data: Number of data bytes remaining = 106 (0x006A)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : 00C0B76625D4
ETHERNET: .......0 = Individual address
ETHERNET: ......0. = Universally administered address
ETHERNET: Source address : 0003E3956600
ETHERNET: .......0 = No routing information present
ETHERNET: ......0. = Universally administered address
ETHERNET: Frame Length : 106 (0x006A)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 92 (0x005C)
IP: ID = 0x848; Proto = ICMP; Len: 92
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 92 (0x5C)
IP: Identification = 2120 (0x848)
IP: Flags Summary = 0 (0x0)
IP: .......0 = Last fragment in datagram
IP: ......0. = May fragment datagram if necessary
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 124 (0x7C)
IP: Protocol = ICMP - Internet Control Message
IP: Checksum = 0x70D8
IP: Source Address = 216.144.20.69
IP: Destination Address = 216.144.0.27
IP: Data: Number of data bytes remaining = 72 (0x0048)
ICMP: Echo: From 216.144.20.69 To 216.144.00.27
ICMP: Packet Type = Echo
ICMP: Echo Code = 0 (0x0)
ICMP: Checksum = 0x82AA
ICMP: Identifier = 512 (0x200)
ICMP: Sequence Number = 7680 (0x1E00)
ICMP: Data: Number of data bytes remaining = 64 (0x0040)
00000: 00 C0 B7 66 25 D4 00 03 E3 95 66 00 08 00 45 00  ...f%.....f...E.
00010: 00 5C 08 48 00 00 7C 01 70 D8 D8 90 14 45 D8 90  .\.H..|.p....E..
00020: 00 1B 08 00 82 AA 02 00 1E 00 AA AA AA AA AA AA  ................
00030: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ................
00040: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ................
00050: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ................
00060: AA AA AA AA AA AA AA AA AA AA                    ..........
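The route-map in the quoted message matches on two things: access-list 199 (ICMP echo or echo-reply) and `match length 92 92`, which IOS evaluates against the Layer 3 (IP total) length. As an added example that is not part of the thread and not Cisco's code, the script below transcribes frame 15 from the capture above, checks its IP and ICMP checksums, and evaluates both match clauses against it; it then builds an ordinary echo request with 56 data bytes (a constructed packet, addresses made up) to show what the length clause excludes. The `match length` semantics are taken from the IOS documentation; everything else here is the example's own assumption.

```python
"""Decode the captured frame from the post and run it through the
route-map's two match clauses.  Added example, not code from the NANOG
thread or from Cisco.  Modelled semantics:

  match ip address 199   -> ACL 199: permit icmp any any echo / echo-reply
  match length 92 92     -> IOS compares the Layer 3 (IP total) length

CAPTURED_FRAME is transcribed from the Netmon hex dump in the post; the
"normal ping" built at the bottom is constructed here for comparison.
"""
import struct

IPPROTO_ICMP = 1
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8
ETH_HDR = bytes.fromhex("00C0B76625D4" "0003E3956600" "0800")  # dst MAC, src MAC, IPv4

# Frame 15 from the post: 14-byte Ethernet + 20-byte IP + 8-byte ICMP + 64 x 0xAA = 106 bytes.
CAPTURED_FRAME = ETH_HDR + bytes.fromhex(
    "4500005C" "08480000" "7C0170D8" "D8901445" "D890001B"   # IPv4 header, total length 0x5C = 92
    "080082AA" "02001E00"                                     # ICMP echo request, id 512, seq 7680
) + b"\xAA" * 64


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 for a correctly summed buffer."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(frame: bytes) -> dict:
    """Minimal Ethernet/IPv4/ICMP decoder, just enough to drive the match logic."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    pkt = {
        "total_len": total_len,                   # the value `match length` compares
        "proto": ip[9],
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
    }
    if pkt["proto"] == IPPROTO_ICMP and total_len >= ihl + 8:
        icmp = ip[ihl:total_len]
        pkt.update(icmp_type=icmp[0], icmp_code=icmp[1],
                   icmp_checksum_ok=inet_checksum(icmp) == 0, icmp_data=icmp[8:])
    return pkt


def acl_199_permits(pkt: dict) -> bool:
    """access-list 199 permit icmp any any echo / echo-reply."""
    return pkt["proto"] == IPPROTO_ICMP and pkt.get("icmp_type") in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST)


def match_length(pkt: dict, lo: int, hi: int) -> bool:
    """route-map `match length <min> <max>`, compared against the IP total length."""
    return lo <= pkt["total_len"] <= hi


def route_map_nachi_worm_matches(frame: bytes) -> bool:
    """True when both match clauses of `route-map nachi-worm permit 10` are satisfied."""
    pkt = parse_frame(frame)
    return acl_199_permits(pkt) and match_length(pkt, 92, 92)


def payload_is_all_aa(pkt: dict) -> bool:
    """The data pattern seen in the post's capture: 64 bytes of 0xAA."""
    return pkt.get("icmp_data") == b"\xAA" * 64


def build_icmp_echo_frame(src: str, dst: str, data: bytes,
                          ident: int = 0x0200, seq: int = 0x1E00) -> bytes:
    """Build an echo request with valid checksums (constructed test input).
    Fixed fields (IP ID 0x0848, TTL 124, MACs) mirror the captured frame."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + data
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x0848, 0,
                     124, IPPROTO_ICMP, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ETH_HDR + ip + icmp


if __name__ == "__main__":
    normal_ping = build_icmp_echo_frame("10.0.0.1", "10.0.0.2", bytes(56))  # constructed, 84-byte IP datagram
    for label, frame in (("frame 15 from the post", CAPTURED_FRAME),
                         ("constructed 56-byte-data ping", normal_ping)):
        pkt = parse_frame(frame)
        print(f"{label}: src={pkt['src']} len={pkt['total_len']} icmp_type={pkt.get('icmp_type')} "
              f"checksums_ok={pkt['ip_checksum_ok'] and pkt.get('icmp_checksum_ok')} "
              f"acl199={acl_199_permits(pkt)} len92={match_length(pkt, 92, 92)} "
              f"route_map_match={route_map_nachi_worm_matches(frame)} all_0xAA={payload_is_all_aa(pkt)}")
```

Frame 15 satisfies both match clauses (ICMP echo, IP total length 92, both checksums valid), so under this model the match side of the route-map is not where the packet slips through; that is consistent with the reply above, which changes the set action rather than the match. The 84-byte ping falls outside `match length 92 92` and would be left alone. Building the frame from its fields and getting the captured bytes back byte-for-byte also confirms the checksums in the dump (0x70D8 and 0x82AA) are correct.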