Folks, I would love to see the IETF OPSEC WG publish a document on the pros and cons of filtering optioned packets.
Would anybody on this list be willing to author an Internet Draft?

Ron
(co-director IETF O&M Area)

Luca Tosolini wrote:
> Experts,
> out of the well-known values for ip options:
>
> x...@r4# set ip-options ?
> Possible completions:
>   <range>              Range of values
>   [                    Open a set of values
>   any                  Any IP option
>   loose-source-route   Loose source route
>   route-record         Route record
>   router-alert         Router alert
>   security             Security
>   stream-id            Stream ID
>   strict-source-route  Strict source route
>   timestamp            Timestamp
>
> I can only think of:
> - RSVP using router-alert
> - ICMP using route-record, timestamp
>
> But I cannot think of any other use of any other IP option.
> Considering the security hazard that they imply, I am therefore thinking
> to drop them.
>
> Are any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
> Thanks,
> Luca.
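Before dropping optioned packets, it helps to know which options actually appear in captured traffic. The following is an added example, not part of the original messages: a small IPv4 option walker that reports options under the Junos `ip-options` keywords quoted above. The function names and sample packets are constructed for illustration; the option numbers are the IANA-assigned IPv4 option types.

```python
import struct

# IANA IPv4 option type -> Junos "ip-options" keyword from the quoted CLI output.
OPTION_NAMES = {
    7: "route-record",
    68: "timestamp",
    130: "security",
    131: "loose-source-route",
    136: "stream-id",
    137: "strict-source-route",
    148: "router-alert",
}

def ip_options(packet: bytes) -> list[str]:
    """Return the names of the IPv4 options carried in a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4          # IHL is in 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts = packet[20:header_len]                 # empty when IHL == 5
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # No-Operation (1-byte padding)
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        found.append(OPTION_NAMES.get(kind, f"unknown({kind})"))
        i += opts[i + 1]
    return found

def build_header(options: bytes) -> bytes:
    """Constructed test input: bare IPv4 header (checksum left 0) plus padded options."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                        0, 0, 64, 46, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + options

# Constructed samples: Router Alert (as RSVP uses) and Record Route with one slot.
RSVP_LIKE = build_header(bytes([148, 4, 0, 0]))
RECORD_ROUTE = build_header(bytes([7, 7, 4, 0, 0, 0, 0]))
```

Running `ip_options` over the IP headers of a packet capture gives a per-option count to weigh against a blanket drop of `any`.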