[118768] in North American Network Operators' Group
RE: ip options
daemon@ATHENA.MIT.EDU (Dario Ciccarone (dciccaro))
Wed Oct 28 15:17:43 2009
Date: Wed, 28 Oct 2009 15:17:03 -0400
In-Reply-To: <1256756748.2228.9.camel@nld06907>
From: "Dario Ciccarone (dciccaro)" <dciccaro@cisco.com>
To: "Luca Tosolini" <bit.gossip@chello.nl>, "nanog" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Luca:
Check
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/s
ec_acl_sel_drop_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1
043334
Not the whole story, but :)
Hope it helps,
Dario
=20
> -----Original Message-----
> From: Luca Tosolini [mailto:bit.gossip@chello.nl]=20
> Sent: Wednesday, October 28, 2009 3:06 PM
> To: nanog
> Subject: ip options
>=20
> Experts,
> out of the well-known values for ip options:
>=20
> X@r4# set ip-options ?=20
> Possible completions:
> <range> Range of values
> [ Open a set of values
> any Any IP option
> loose-source-route Loose source route
> route-record Route record
> router-alert Router alert
> security Security
> stream-id Stream ID
> strict-source-route Strict source route
> timestamp Timestamp
>=20
> I can only think of:
> - RSVP using router-alert
> - ICMP using route-record, timestamp
>=20
> But I can not think of any other use of any other IP option.
> Considering the security hazard that they imply, I am=20
> therefore thinking
> to drop them.
>=20
> Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
> Thanks,
> Luca.
>=20
>=20
>=20
