Icmp Redirect question? (no ip redirects)

m.howe
Level 1

I am running SNORT and receive a log message about ICMP Redirect. The Cisco router is sending this to every machine that goes to the internet. I understand why the router is doing this because it meets the four requirements:

(1) The interface on which the packet comes into the router is the same interface on which the packet gets routed out.

(2) The subnet/network of the source IP address is the same subnet/network of the next-hop IP address of the routed packet.

(3) The datagram is not source-routed.

(4) The kernel is configured to send redirects.

My question is, would there be any reason why I should not use the command "no ip redirects"? This would stop the ICMP Redirect traffic, but I want to know if this could cause other problems?

Thanks for your help.

2 Replies

cdoyle
Level 1

If you add the command No ICMP Redirects then there could be a performance impact felt by the client workstations if the Router that is currently sending the redirect messages is a busy one. All their traffic destined for the Internet would be first processed through this initial default Router as they would not be instructed (an ICMP redirect) to instead start sending their traffic directly to the Router that takes them to the Internet.

If the bulk of the traffic in this subnet is destined for the Internet, you may want to consider configuring the workstations default gateway to be the Internet facing Router rather than the current one. Just ensure that this Internet facing Router is aware of all the other Router's routes first and continue to leave ICMP redirects enabled on both. Ideally you would see far less redirect messages generated.

Hope this helps,

Craig Doyle
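The four conditions in the question and the two options in the reply above (turn redirects off, or point the workstations at the Internet-facing router) can be checked against a small model of the router's forwarding decision. The following is an added example, not code from either poster or from Cisco; the two-router topology, interface names, addresses and the traffic mix are all constructed for illustration.

```python
"""Model of when a router emits an ICMP redirect, and what each fix changes.

Added example. Topology and addresses are constructed, not from the thread:
  192.168.1.0/24 LAN with two routers on it.
  R1 (192.168.1.1): current default gateway; reaches 10.0.0.0/8 directly
                    and reaches the Internet only via R2.
  R2 (192.168.1.2): Internet-facing; reaches 10.0.0.0/8 via R1.
"""
import dataclasses
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    interface: str                              # egress interface
    next_hop: Optional[ipaddress.IPv4Address]   # None = directly connected


@dataclass
class Router:
    name: str
    interfaces: Dict[str, ipaddress.IPv4Interface]  # name -> address/mask
    routes: List[Route]
    ip_redirects: bool = True   # False models "no ip redirects" on the LAN interface

    def lookup(self, dst: ipaddress.IPv4Address) -> Optional[Route]:
        """Longest-prefix match over the routing table."""
        best = None
        for r in self.routes:
            if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best

    def would_redirect(self, src: str, dst: str, in_if: str, source_routed: bool = False) -> bool:
        """Apply the four conditions from the question to one forwarded packet."""
        src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        route = self.lookup(dst_ip)
        if route is None:
            return False
        # (1) ingress interface must equal the egress interface
        if route.interface != in_if:
            return False
        # (2) source and next hop must share the ingress subnet
        next_hop = route.next_hop if route.next_hop is not None else dst_ip
        in_net = self.interfaces[in_if].network
        if src_ip not in in_net or next_hop not in in_net:
            return False
        # (3) the datagram must not be source-routed
        if source_routed:
            return False
        # (4) redirects must be enabled ("no ip redirects" clears this)
        return self.ip_redirects

    def without_redirects(self) -> "Router":
        """Same router after 'no ip redirects' on the LAN interface."""
        return dataclasses.replace(self, ip_redirects=False)


def count_redirects(router: Router, in_if: str, flows: List[Tuple[str, str]]) -> int:
    """Number of (src, dst) flows arriving on in_if that would trigger a redirect."""
    return sum(router.would_redirect(s, d, in_if) for s, d in flows)


N = ipaddress.IPv4Network
A = ipaddress.IPv4Address
R1 = Router("R1",
            {"Gi0/0": ipaddress.IPv4Interface("192.168.1.1/24"),
             "Gi0/1": ipaddress.IPv4Interface("10.0.0.1/8")},
            [Route(N("192.168.1.0/24"), "Gi0/0", None),
             Route(N("10.0.0.0/8"), "Gi0/1", None),
             Route(N("0.0.0.0/0"), "Gi0/0", A("192.168.1.2"))])
R2 = Router("R2",
            {"Gi0/0": ipaddress.IPv4Interface("192.168.1.2/24"),
             "Gi0/1": ipaddress.IPv4Interface("203.0.113.2/30")},
            [Route(N("192.168.1.0/24"), "Gi0/0", None),
             Route(N("10.0.0.0/8"), "Gi0/0", A("192.168.1.1")),
             Route(N("0.0.0.0/0"), "Gi0/1", A("203.0.113.1"))])

# Constructed traffic mix: mostly Internet-bound, one internal flow.
FLOWS = [("192.168.1.50", "198.51.100.10"),
         ("192.168.1.51", "198.51.100.11"),
         ("192.168.1.52", "198.51.100.12"),
         ("192.168.1.53", "10.2.3.4")]

if __name__ == "__main__":
    print("gateway R1:               ", count_redirects(R1, "Gi0/0", FLOWS), "redirects")
    print("gateway R1, no ip redirects:", count_redirects(R1.without_redirects(), "Gi0/0", FLOWS), "redirects")
    print("gateway R2:               ", count_redirects(R2, "Gi0/0", FLOWS), "redirects")
```

With R1 as the workstations' gateway, every Internet-bound flow satisfies all four conditions and draws a redirect; `no ip redirects` silences them but leaves R1 forwarding that traffic on behalf of the hosts, which is the performance point made above. Making R2 the gateway moves the redirects to the (smaller) internal share of the traffic, provided R2 knows the internal route via R1, as the reply says.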

Thanks for the information. I know that changing the default gateway to be the internet-facing router rather than the current one would be the best solution. Unfortunately this is not an option. I guess I will just create a rule in SNORT to not look for this message from the router's address.

Thanks for your help

Michael Howe
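The approach in the last reply, ignoring the alert only when it comes from the known gateway, can be checked outside Snort before touching the ruleset. The following is an added example, not the poster's rule: it filters Snort fast-alert lines so that ICMP redirect alerts from the trusted gateway address are dropped while redirects from any other source are kept, since a redirect from an unexpected host is exactly the case the signature exists for. The alert lines, the SID/GID values and the gateway address are constructed assumptions; substitute whatever your own Snort ruleset emits.

```python
"""Filter Snort fast-alert lines: drop ICMP redirect alerts from the known gateway only.

Added example. The alert lines below are constructed in Snort's alert_fast
layout; the [gid:sid:rev] values and addresses are assumptions, not taken
from the thread or from any specific ruleset.
"""
import re
from typing import Dict, Iterable, List, Optional

# One fast-alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def parse_alert(line: str) -> Optional[Dict[str, str]]:
    """Return the alert's fields, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None


def is_icmp_redirect(alert: Dict[str, str]) -> bool:
    # Match on the message text rather than a SID so it works across rulesets.
    return alert["proto"] == "ICMP" and "redirect" in alert["msg"].lower()


def filter_alerts(lines: Iterable[str], trusted_gateways: Iterable[str]) -> List[Dict[str, str]]:
    """Keep every alert except ICMP redirects whose source is a trusted gateway."""
    trusted = set(trusted_gateways)
    kept = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        if is_icmp_redirect(alert) and alert["src"] in trusted:
            continue  # the gateway legitimately redirecting, per the thread
        kept.append(alert)
    return kept


# Constructed sample alerts (assumption: SID 472 style "ICMP redirect host" rule).
SAMPLE_ALERTS = [
    "03/09-22:14:01.123456  [**] [1:472:5] ICMP redirect host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.1 -> 192.168.1.50",
    "03/09-22:14:02.223456  [**] [1:472:5] ICMP redirect host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.77 -> 192.168.1.50",
    "03/09-22:14:03.323456  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.1 -> 192.168.1.50",
    "this line is not an alert and is skipped",
]
GATEWAY = "192.168.1.1"  # assumption: the router from the question

if __name__ == "__main__":
    for a in filter_alerts(SAMPLE_ALERTS, [GATEWAY]):
        print(f"{a['ts']} {a['msg']} {a['src']} -> {a['dst']}")
```

The second redirect alert survives because 192.168.1.77 is not the gateway; that is the case you still want to see when you suppress the gateway's own redirects in Snort, so match the suppression on the router's address, not on the signature alone.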