181 permit icmp any <trusted subnet range> echo (12 matches)
permit icmp any host <router IP Address> echo (4234 matches)
I was getting a lot of hits on my IPS module on ICMP echo traffic. Cisco TAC had me disable the sigs for ICMP echo and echo reply on the IPS. I put a permit on my 2811 router to see how many hits I receive. This was less than 30 seconds. Is it safe to block icmp traffic from the trusted subnets where my servers and workstation are? The IPS saw many hits on the two sigs. I have seen thousands of ICMP hits on my router in the last day in CoPP. Should I block them? I am considering only permitting my ISP to do ICMP sweeps.