The icmp ttl-exceeded send command enables an interface to send ICMP Time Exceeded packets.
The undo icmp ttl-exceeded send command disables an interface from sending ICMP Time Exceeded packets.
By default, an interface is enabled to send ICMP Time Exceeded packets.
If the destination address of a received IP packet is not the local address and the TTL value is 1, a timeout error occurs. In this situation, the device discards the packet and returns an ICMP Time Exceeded packet to the source.
When an interface replies with an ICMP Time Exceeded packet, it uses its own IP address as the source IP address of that packet, which exposes the interface to attackers. In addition, an interface under attack replies with numerous ICMP Time Exceeded packets, which consumes CPU resources and degrades system performance. To resolve these problems, run the undo icmp ttl-exceeded send command to disable the interface from replying with ICMP Time Exceeded packets.
<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] icmp ttl-exceeded send

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] icmp ttl-exceeded send
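
An added example, not part of the original reference: a Python audit of a saved configuration that lists the Layer 3 interfaces still at the default, that is, without undo icmp ttl-exceeded send. The sample configuration, the function names and the rule used to recognise a Layer 3 interface are assumptions made for illustration.

```python
# Added example: SAMPLE_CONFIG is constructed, not taken from a real device.
import re

SAMPLE_CONFIG = """\
interface Vlanif100
 ip address 192.0.2.1 255.255.255.0
 undo icmp ttl-exceeded send
#
interface Vlanif200
 ip address 198.51.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 undo portswitch
 ip address 203.0.113.1 255.255.255.252
#
interface GigabitEthernet0/0/2
 port link-type access
#
"""

DISABLE = "undo icmp ttl-exceeded send"

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from interface stanzas."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:  # "#" separator or a global command ends the stanza
            current = None
    return stanzas

def is_layer3(name, commands):
    """Assumption: Vlanif, 'undo portswitch' or an IP address means Layer 3."""
    return (name.lower().startswith("vlanif")
            or "undo portswitch" in commands
            or any(c.startswith("ip address ") for c in commands))

def interfaces_sending_ttl_exceeded(config):
    """Layer 3 interfaces left at the default (sending enabled)."""
    return sorted(name for name, cmds in parse_interfaces(config).items()
                  if is_layer3(name, cmds) and DISABLE not in cmds)

if __name__ == "__main__":
    for name in interfaces_sending_ttl_exceeded(SAMPLE_CONFIG):
        print(f"{name}: ICMP Time Exceeded sending is enabled (default)")
```

Because sending is enabled by default, the check treats the absence of the undo line as enabled rather than looking for an explicit icmp ttl-exceeded send line.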