Cisco Support Community
Community Member

Filter multicast

OK, I just hooked up an ADSL Cisco 877 at a customer's site. I ran a Nessus audit on the external IP of that router and everything passes except for the following.


Your machine answers to TCP packets that are coming from a multicast
address. This is known as the 'spank' denial of service attack.
An attacker might use this flaw to shut down this server and
saturate your network, thus preventing you from working properly.
This also could be used to run stealth scans against your machine.
Solution : contact your operating system vendor for a patch.
Filter out multicast addresses (

OK, so I read this message and figured, OK, on my inbound access-list I should just add the following: deny ip but that did not help.

Have any ideas on what I could do to filter out



Hall of Fame Super Gold

Re: Filter multicast


It is not clear from what you posted whether the is the source address or the destination. But it needs to be the destination address. Also the mask that you gave will not filter /4 but would essentially filter /24. If you try this you should find that it works:

deny ip any

Depending on your particular environment, filtering out all multicast may or may not be a desirable thing to do. But if you believe that you want to do it, this version of the access list should get it done. Of course there should be some other things in the access list: deny other unwanted traffic and permit desirable traffic.
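
The wildcard-mask and source/destination points in the reply above, as an added example that is not part of the original thread: a small Python model of how an IOS-style extended ACL entry matches addresses. The addresses in the thread did not survive, so the IPv4 multicast block 224.0.0.0/4, the two wildcard masks and the sample packets used here are assumptions.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def evaluate(acl, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny (implicit)"

# Assumed values: the thread's own addresses and masks are missing.
ANY = ("0.0.0.0", "255.255.255.255")
MCAST_SLASH24 = ("224.0.0.0", "0.0.0.255")       # covers 224.0.0.0-224.0.0.255 only
MCAST_SLASH4 = ("224.0.0.0", "15.255.255.255")   # covers 224.0.0.0-239.255.255.255

# Each list ends in "permit any any" only to isolate the effect of the deny line.
NARROW_DST = [("deny", ANY, MCAST_SLASH24), ("permit", ANY, ANY)]
WIDE_DST = [("deny", ANY, MCAST_SLASH4), ("permit", ANY, ANY)]
WIDE_SRC = [("deny", MCAST_SLASH4, ANY), ("permit", ANY, ANY)]

# Constructed sample packets (source, destination), documentation address ranges.
PACKETS = [
    ("198.51.100.7", "224.0.0.5"),
    ("198.51.100.7", "239.1.2.3"),
    ("198.51.100.7", "203.0.113.10"),
    ("224.1.1.1", "203.0.113.10"),
]

if __name__ == "__main__":
    for name, acl in [("narrow dst", NARROW_DST), ("wide dst", WIDE_DST), ("wide src", WIDE_SRC)]:
        for src, dst in PACKETS:
            print(f"{name:10} {src:>13} -> {dst:<13} {evaluate(acl, src, dst)}")
```
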



Community Member

Re: Filter multicast

OK, this worked out just fine; I just needed to do deny ip any...

I guess my question is why I would need to do this? I already had an access-list set up on my inbound traffic. I thought at the end of all access-lists there was an explicit deny.

