Controlling ICMP (DDOS) via Cisco Control-Plane

A very simple way of protecting a router from ICMP DDOS attack. ip access-list extended ICMP permit icmp any any ! class-map match-any ICMP match access-group name ICMP ! policy-map ICMP-limit class ICMP police rate 20000 bps conform-action transmitĀ  exceed-action dropĀ  violate-action drop ! control-plane service-policy input ICMP-limit This configuration will limit the icmp traffic …