[118965] in North American Network Operators' Group
Re: ip options
daemon@ATHENA.MIT.EDU (Ron Bonica)
Tue Nov 3 15:50:40 2009
Date: Tue, 3 Nov 2009 15:44:41 -0500
From: Ron Bonica <rbonica@juniper.net>
To: Luca Tosolini <bit.gossip@chello.nl>
In-Reply-To: <1256756748.2228.9.camel@nld06907>
Cc: nanog <nanog@nanog.org>
Folks,

I would love to see the IETF OPSEC WG publish a document on the pros and
cons of filtering optioned packets.

Would anybody on this list be willing to author an Internet Draft?

Ron
(co-director IETF O&M Area)

Luca Tosolini wrote:
> Experts,
> out of the well-known values for ip options:
>
> X@r4# set ip-options ?
> Possible completions:
>   <range>              Range of values
>   [                    Open a set of values
>   any                  Any IP option
>   loose-source-route   Loose source route
>   route-record         Route record
>   router-alert         Router alert
>   security             Security
>   stream-id            Stream ID
>   strict-source-route  Strict source route
>   timestamp            Timestamp
>
> I can only think of:
> - RSVP using router-alert
> - ICMP using route-record, timestamp
>
> But I cannot think of any other use of any other IP option.
> Considering the security hazard that they imply, I am therefore thinking
> of dropping them.
>
> Are any other IP options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
> Thanks,
> Luca.
>
>
>
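
An added example, not part of the original thread and not vendor code: a Python sketch that walks the options field of an IPv4 header, names each option with the keywords from the completion list quoted above, and applies a hypothetical policy that accepts only router-alert. The option type numbers come from the IANA IP option registry; the `header` helper, the sample packets and the `allowed` set are constructed for illustration.

```python
# IPv4 option type numbers (IANA registry), keyed to the Junos keywords above.
OPTION_NAMES = {
    7: "route-record", 68: "timestamp", 130: "security",
    131: "loose-source-route", 136: "stream-id",
    137: "strict-source-route", 148: "router-alert",
}

def ip_options(packet):
    """Return the option names found in an IPv4 header; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i, found = packet[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                     # End of Option List
            break
        if kind == 1:                     # No-Operation, single byte
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("bad option length")
        found.append(OPTION_NAMES.get(kind, "option-%d" % kind))
        i += opts[i + 1]
    return found

def verdict(packet, allowed=frozenset({"router-alert"})):
    """Hypothetical policy: accept only if every option present is allowed."""
    try:
        return "accept" if set(ip_options(packet)) <= allowed else "drop"
    except ValueError:
        return "drop"                     # malformed option list

def header(options=b"", proto=6):
    """Build a constructed IPv4 header (checksum left at 0, not verified here)."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return (bytes([0x40 | ihl, 0]) + (ihl * 4).to_bytes(2, "big") + bytes(4)
            + bytes([64, proto, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2]) + options)

if __name__ == "__main__":
    rsvp = header(bytes([148, 4, 0, 0]), proto=46)           # router-alert
    lsrr = header(bytes([131, 7, 4, 198, 51, 100, 1]))       # loose source route
    for name, pkt in (("plain", header()), ("rsvp", rsvp), ("lsrr", lsrr)):
        print(name, ip_options(pkt), verdict(pkt))
```

Passing a different `allowed` set, for example `{"route-record", "timestamp"}`, models a policy that keeps the ICMP uses mentioned in the quoted message.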