Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1011
Views
5
Helpful
1
Replies

no ip redirects

anitachoi3
Level 1
Level 1

‎01-20-2008 06:42 AM - edited ‎03-05-2019 08:35 PM

Hi,

Some vendors suggest me to config following for all interfaces

inter fastethernet x

no ip redirects

any advantage if I implement it?

rgds

Labels:
0 Helpful
1 Reply 1

Danilo Dy
VIP Alumni
VIP Alumni

‎01-20-2008 07:49 AM

Hi,

"no ip redirects" disables "ICMP redirects" in the interface.

In the first glance, "ICMP redirects" is good as it always provide the optimum route. Check this link on how "ICMP redirects" work http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml

However, "ICMP redirects" present a potent DOS (Denial Of Service) attack. If the target

system does accept ICMP redirects (and packets can actually reach it) that system can be stopped from talking to any particular address on the net. Also, attacks can be launch from anywhere - not necessary from the local network.

Following are links to IOS Hardening which discusses "no ip redirects" and other feature

http://www.cymru.com/Documents/secure-ios-template.html

http://www.nsa.gov/snac/

Regards,

Dandy

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card