Ip Unreachables - Allied Telesis AT-x510-28GTX Command Reference Manual

IP A P
DDRESSING AND ROTOCOL

IP UNREACHABLES

ip unreachables
Overview Use this command to enable ICMP (Internet Control Message Protocol) type 3,
destination unreachable, messages.
Use the no variant of this command to disable destination unreachable messages.
This prevents an attacker from using these messages to discover the topology of a
network.
ip unreachables
Syntax
no ip unreachables
Default Destination unreachable messages are enabled by default.
Mode Global Configuration
Usage When a device receives a packet for a destination that is unreachable it returns an
ICMP type 3 message, this message includes a reason code, as per the table below.
An attacker can use these messages to obtain information regarding the topology
of a network. Disabling destination unreachable messages, using the no ip
unreachables command, secures your network against this type of probing.
NOTE
traceroute and Path MTU Discovery (PMTUD), which depend on these messages to
operate correctly.
Table 20-1: ICMP type 3 reason codes and description
C613-50102-01 REV C
C
OMMANDS
: Disabling ICMP destination unreachable messages breaks applications such as
Code Description [RFC]
0 Network unreachable [RFC792]
1 Host unreachable [RFC792]
2 Protocol unreachable [RFC792]
3 Port unreachable [RFC792]
4 Fragmentation required, and DF flag set [RFC792]
5 Source route failed [RFC792]
6 Destination network unknown [RFC1122]
7 Destination host unknown [RFC1122]
8 Source host isolated [RFC1122]
9 Network administratively prohibited [RFC768]
10 Host administratively prohibited [RFC869]
11 Network unreachable for Type of Service [RFC908]
12 Host unreachable for Type of Service [RFC938]
13 Communication administratively prohibited [RFC905]
Command Reference for x510 Series
AlliedWare Plus™ Operating System - Version 5.4.6-1.x
717