rbonica at juniper.net
Tue Nov 3 20:44:41 UTC 2009
I would love to see the IETF OPSEC WG publish a document on the pros and
cons of filtering optioned packets.
Would anybody on this list be willing to author an Internet Draft?
(co-director IETF O&M Area)
Luca Tosolini wrote:
> out of the well-known values for ip options:
> X at r4# set ip-options ?
> Possible completions:
> <range> Range of values
> [ Open a set of values
> any Any IP option
> loose-source-route Loose source route
> route-record Route record
> router-alert Router alert
> security Security
> stream-id Stream ID
> strict-source-route Strict source route
> timestamp Timestamp
> I can only think of:
> - RSVP using router-alert
> - ICMP using route-record, timestamp
> But I can not think of any other use of any other IP option.
> Considering the security hazard that they imply, I am therefore thinking
> to drop them.
> Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
More information about the NANOG