The icmp port-unreachable send command enables an interface to send ICMP Port Unreachable messages.
The undo icmp port-unreachable send command disables an interface from sending ICMP Port Unreachable messages.
By default, an interface is enabled to send ICMP Port Unreachable messages.
By default, an interface replies with an ICMP Port Unreachable message when it does not search for a matching listening socket for a received TCP/UDP message. The interface adds its IP address as the source IP address in the ICMP Port Unreachable message, exposing the interface itself to attackers. In addition, after being attacked, the interface replies with numerous ICMP Port Unreachable messages, consuming CPU resources and degrading system performance. To resolve these problems, run the undo icmp port-unreachable send command to disable the interface from replying with ICMP Port Unreachable messages.