
Why the route-map doesn't work to block the virus


ninghi

Jul 16, 2003
The new virus Nachi uses a 92-byte packet to detect other nodes. To block the virus I configured the router as follows:
(config ter)
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply

route-map nachi-worm permit 10
match ip address 199
match length 92 92
set interface null0
(interface mode)
ip policy route-map nachi-worm

After I did this, I pinged the configured side from another router using a 92-byte packet. It should have been blocked, but it wasn't; I can still ping the configured side successfully. I am confused, because I have applied the route-map to the interface and it doesn't work. Can you give me the possible reason? Thanks.
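
An added example, not part of the original post or thread: a Python model of which packets the route-map clause in the post selects, so a test packet can be checked against it. It assumes a 20-byte IPv4 header without options and that `match length` is compared against the IP total length; the helper names are hypothetical and the packets are constructed samples with zeroed checksums.

```python
import struct

ICMP_PROTO, ICMP_ECHO, ICMP_ECHO_REPLY = 1, 8, 0

def build_packet(icmp_type, payload_len, proto=ICMP_PROTO):
    """Constructed sample: IPv4 header (no options) + 8-byte ICMP header + 0xAA data."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"\xaa" * payload_len
    total_len = 20 + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + icmp

def acl_199(pkt):
    """access-list 199: permit icmp echo and echo-reply, implicit deny for the rest."""
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    return pkt[9] == ICMP_PROTO and pkt[ihl] in (ICMP_ECHO, ICMP_ECHO_REPLY)

def l3_length(pkt):
    """IPv4 total-length field (assumed to be what 'match length' compares)."""
    return struct.unpack("!H", pkt[2:4])[0]

def route_map_nachi(pkt, min_len=92, max_len=92):
    """Clause 'permit 10': both match statements must hold before 'set' applies."""
    if acl_199(pkt) and min_len <= l3_length(pkt) <= max_len:
        return "Null0"
    return "normal"                    # no clause matched: routed as usual

if __name__ == "__main__":
    samples = [("echo, 64 data bytes", build_packet(ICMP_ECHO, 64)),
               ("echo, 92 data bytes", build_packet(ICMP_ECHO, 92)),
               ("echo-reply, 64 data bytes", build_packet(ICMP_ECHO_REPLY, 64)),
               ("UDP, 92-byte packet", build_packet(ICMP_ECHO, 64, proto=17))]
    for label, pkt in samples:
        print(f"{label:28} L3 length {l3_length(pkt):3} -> {route_map_nachi(pkt)}")
```

A 92-byte IP packet carries 64 bytes of ICMP data (92 - 20 - 8), so a ping tool whose size option counts only the data bytes has to be given 64, not 92, to produce a packet this clause selects.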




 
I'm only guessing, but maybe you should be using deny instead of permit?

Andy Leates MCSE CCNA MCP+I
 
No, it should be permit, since falling into ACL 199 and matching the 92-byte length while leaving the rest of the traffic alone is the way to go.

On the other hand, I'm not quite sure why it isn't working at all.

I will do some testing myself and let you know.
 
Why apply the route-map to the Null0 interface?

JAn
 