Cisco Support Community
Community Member

no ip redirects

Hi,

Some vendors suggest that I configure the following on all interfaces:

inter fastethernet x

no ip redirects

Is there any advantage if I implement it?

rgds

1 REPLY

Re: no ip redirects

Hi,

"no ip redirects" disables "ICMP redirects" on the interface.

At first glance, "ICMP redirects" are good, as they always provide the optimum route. Check this link on how "ICMP redirects" work: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml

However, "ICMP redirects" present a potent DoS (Denial of Service) attack. If the target system does accept ICMP redirects (and packets can actually reach it), that system can be stopped from talking to any particular address on the net. Also, attacks can be launched from anywhere, not necessarily from the local network.

The following are links on IOS hardening which discuss "no ip redirects" and other features:

http://www.cymru.com/Documents/secure-ios-template.html

http://www.nsa.gov/snac/

Regards,

Dandy
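
Added example, not part of the original thread: a Python sketch that audits a saved IOS configuration for interface stanzas that lack the "no ip redirects" line discussed above. The sample configuration is constructed and the function name is hypothetical; it assumes the usual running-config layout (stanza header at column 0, sub-commands indented by a space).

```python
import re

# Constructed sample running-config, for illustration only.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
interface FastEthernet0/0
 description uplink
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
!
interface FastEthernet0/1
 description user LAN
 ip address 198.51.100.1 255.255.255.0
!
interface FastEthernet1/0
 no ip address
 shutdown
!
"""

def interfaces_missing_no_ip_redirects(config_text):
    """Return [(interface, is_shutdown)] for stanzas lacking 'no ip redirects'."""
    stanzas = {}      # interface name -> list of its sub-commands
    current = None
    for raw in config_text.splitlines():
        header = re.match(r"^interface\s+(\S.*)$", raw)
        if header:
            current = header.group(1).strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None    # any other column-0 line ends the stanza
    findings = []
    for name, cmds in stanzas.items():
        if "no ip redirects" not in cmds:
            # Shutdown interfaces are still reported, but flagged, so the
            # reviewer can decide whether they matter before re-enabling.
            findings.append((name, "shutdown" in cmds))
    return findings

if __name__ == "__main__":
    for name, is_down in interfaces_missing_no_ip_redirects(SAMPLE_CONFIG):
        note = " (shutdown)" if is_down else ""
        print(f"{name}: 'no ip redirects' not set{note}")
```
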
