Anonymous (not verified) Mon, 06/24/2002 - 14:38

Create an access-list to block out ICMP packets (echo & other corresponding messages) on input interfaces to your network.

That should stop the ping storms.

What you might want to consider blocking are:

echo Echo (ping)

echo-reply Echo reply

host-unreachable Host unreachable


Administratively prohibited


Net unreachable


All unreachables

Frederic Vanderbecq Tue, 06/25/2002 - 00:50
User Badges:
  • Cisco Employee,

Create an IP extended access-list to block ICMP packets. Only allow pings from well-known addresses from your network.

yusuff Tue, 06/25/2002 - 03:41
User Badges:
  • Cisco Employee,

Creating an ACL and blocking ICMP will solve the issue, but will also block legitimate ICMP pings, which you might want to allow from random sources.

The best way to control an EXCESSIVE ICMP flood is to use Committed Access Rate (CAR). CAR allows you to enforce a bandwidth policy against network traffic that matches an access list.

URLs for CAR;
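
The two approaches from this thread side by side, as an added Cisco IOS configuration example that is not from any of the posters: an extended ACL that filters ICMP on the input interface, and a CAR policy that rate-limits ICMP echo traffic instead of dropping it. The interface name, ACL numbers, the 192.0.2.0/24 source range and the rate and burst values are assumptions to adapt.

```cisco
! Constructed example. Interface name, ACL numbers, addresses and
! rates are placeholders, not values from the thread.

! --- Option 1: filter ICMP with an extended ACL -------------------
! Allow pings only from a known range (192.0.2.0/24 is a
! documentation prefix used here as a stand-in).
access-list 101 permit icmp 192.0.2.0 0.0.0.255 any echo
access-list 101 permit icmp 192.0.2.0 0.0.0.255 any echo-reply
! Drop echo and echo-reply from every other source.
access-list 101 deny   icmp any any echo
access-list 101 deny   icmp any any echo-reply
! Denying all unreachables also drops "fragmentation needed"
! (type 3, code 4) and breaks path MTU discovery, so permit it first.
access-list 101 permit icmp any any packet-too-big
access-list 101 deny   icmp any any unreachable
! Every ACL ends with an implicit "deny ip any any"; keep other traffic.
access-list 101 permit ip any any
!
interface Serial0/0
 ip access-group 101 in

! --- Option 2: rate-limit ICMP with CAR ---------------------------
! Match only the traffic to be policed; everything else is untouched.
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
!
interface Serial0/0
 ! 256 kbit/s average, 8000-byte normal and maximum burst.
 ! Conforming pings pass; excess during a flood is dropped.
 rate-limit input access-group 102 256000 8000 8000 conform-action transmit exceed-action drop

! Check hit counters and conformed/exceeded packets after applying:
!   show access-lists 101
!   show interfaces Serial0/0 rate-limit
```

Option 1 stops the flood but also stops ordinary pings from unlisted sources; option 2 keeps ping working for everyone while capping how much bandwidth it can consume.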



