Geo, Look at your set interface Null0 command the rest is correct you want to set the next hop to be Null0. How to do this is left as an exercise for the reader. Scott C. McGrath On Fri, 22 Aug 2003, Geo. wrote:
Perhaps one of you router experts can answer this question. When using the cisco specified filter
access-list 199 permit icmp any any echo access-list 199 permit icmp any any echo-reply
route-map nachi-worm permit 10 ! --- match ICMP echo requests and replies (type 0 & 8) match ip address 199
! --- match 92 bytes sized packets match length 92 92
! --- drop the packet set interface Null0
interface <incoming-interface> ! --- it is recommended to disable unreachables no ip unreachables
! --- if not using CEF, enabling ip route-cache flow is recommended ip route-cache policy
! --- apply Policy Based Routing to the interface ip policy route-map nachi-worm
why would it not stop this packet
15 1203.125000 0003E3956600 AMERIC6625D4 ICMP Echo: From 216.144.20.69 To 216.144.00.27 216.144.20.69 216.144.0.27 IP FRAME: Base frame properties FRAME: Time of capture = 8/22/2003 11:54:16.859 FRAME: Time delta from previous physical frame: 0 microseconds FRAME: Frame number: 15 FRAME: Total frame length: 106 bytes FRAME: Capture frame length: 106 bytes FRAME: Frame data: Number of data bytes remaining = 106 (0x006A) ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol ETHERNET: Destination address : 00C0B76625D4 ETHERNET: .......0 = Individual address ETHERNET: ......0. = Universally administered address ETHERNET: Source address : 0003E3956600 ETHERNET: .......0 = No routing information present ETHERNET: ......0. = Universally administered address ETHERNET: Frame Length : 106 (0x006A) ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol) ETHERNET: Ethernet Data: Number of data bytes remaining = 92 (0x005C) IP: ID = 0x848; Proto = ICMP; Len: 92 IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Precedence = Routine IP: Type of Service = Normal Service IP: Total Length = 92 (0x5C) IP: Identification = 2120 (0x848) IP: Flags Summary = 0 (0x0) IP: .......0 = Last fragment in datagram IP: ......0. = May fragment datagram if necessary IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 124 (0x7C) IP: Protocol = ICMP - Internet Control Message IP: Checksum = 0x70D8 IP: Source Address = 216.144.20.69 IP: Destination Address = 216.144.0.27 IP: Data: Number of data bytes remaining = 72 (0x0048) ICMP: Echo: From 216.144.20.69 To 216.144.00.27 ICMP: Packet Type = Echo ICMP: Echo Code = 0 (0x0) ICMP: Checksum = 0x82AA ICMP: Identifier = 512 (0x200) ICMP: Sequence Number = 7680 (0x1E00) ICMP: Data: Number of data bytes remaining = 64 (0x0040) 00000: 00 C0 B7 66 25 D4 00 03 E3 95 66 00 08 00 45 00 .÷f%Ã..ãâ¢f...E. 00010: 00 5C 08 48 00 00 7C 01 70 D8 D8 90 14 45 D8 90 .\.H..|.pÃÃÂ.Eà00020: 00 1B 08 00 82 AA 02 00 1E 00 AA AA AA AA AA AA ....âª....ªªªªªª 00030: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª 00040: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª 00050: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª 00060: AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªª