Cisco IPS - ICMP messages

tolien · 22 Feb 2006 at 14:00

At some point in the past I switched on logging for every ICMP packet through the IPS (every echo request, reply, time-exceeded :eek:

), and now I can't remember how the hell you switch it off

I could disable the subsig with ip ips signature 2004, but that's a bit like cracking a nut with a nuke. I managed to kill it off last night, but since then I've bumped back to defaults and manged to start it again.

Suggestions?

tolien · 22 Feb 2006 at 14:08

None of my access lists have anything ICMP related, and I've tried no debug ip icmp - it's set to off already.
As soon as I enable ip ips internet-out out on Dialer1, I get bombarded with

*Mar 1 00:59:29.407 UTC: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:2 ICMP Echo Req [80.249.110.123:0 -> [router]:0]

At a rate of at least one a second.

tolien · 22 Feb 2006 at 15:16

No additional sdf files.
Currently running this config - ip ips signature 2004 0 disable is doing as a workaround for now.

Cisco IPS - ICMP messages

tolien

tolien

tolien

tolien

tolien

tolien