You could use an ACL that looks something like this:
access-list 101 deny icmp any any
access-list 101 deny icmp any any echo # If you just want to stop incoming pings
access-list 102 deny icmp any any unreachable
access-list 102 deny icmp any any time-exceeded
The 101 will stop pings from coming in, but it will also stop echo replies (a ping you iniate) from getting back to you.
Traceroute is more difficult. Traceroute is nothing more than a UDP packet that looks for a certain ICMP response from a router or host. If it receives an ICMP time exceeded message then the client knows that it is a router. If it is an ICMP unreachable then it has found the target host.
The 102 will stop all responses to traceroutes rendering the trace useless. It does not stop the initial traceroute packet at the router, it only stops the response.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...