I recently tried the following commands on a Cisco Router that is setup between an ISP and a private network.
access-list 102 deny icmp any any echo-reply
access-list 102 deny icmp any any time-exceeded
ip access-group 102 in
the idea is to block traceroute and pings on this router, and everytime I apply that access list to the interface (it is the only access list), then the WHOLE internet goes down.