[146609] in North American Network Operators' Group
Re: IP Options
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Nov 17 10:08:55 2011
In-Reply-To: <CAB_zYd+-mmCzw6M7Om3ecL=6RvK2S_BLXs13wyZ2AnF=mWgQhw@mail.gmail.com>
Date: Thu, 17 Nov 2011 10:07:48 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: harbor235 <harbor235@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
got pcaps?
On Thu, Nov 17, 2011 at 10:04 AM, harbor235 <harbor235@gmail.com> wrote:
> Is it just me or has there been an increase in packets with IP options set
> hitting our front door? There are ways to mitigate, e.g. IP options selective
> discard, and ACL IP options support. ACL entries on the edge appear to be the
> best way to identify and log the source.
> IP options selective discard drops packets silently so from my view they
> are not as effective.
>
> Is anyone doing anything else to identify and mitigate? I have been seeing
> hits on our firewalls
> but would rather take care of it at our edge with little or no impact.
>
>
> Mike
>
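
Added example, not part of the original thread or written by either poster: one way to answer "got pcaps?" offline is to walk the IPv4 headers of captured packets, decode any options present, and tally the sources. The function names, the option-name subset, and the sample packets (documentation addresses, zero checksums) are constructed for illustration; reading packets out of a pcap file is left to whatever capture library is in use.

```python
import socket
from collections import Counter

# Subset of the IANA "IP Option Numbers" registry; anything else is reported by number.
OPTION_NAMES = {7: "RR", 68: "TS", 130: "SEC", 131: "LSRR", 137: "SSRR", 148: "RTRALT"}

def parse_ip_options(packet: bytes):
    """Return (source_ip, [option names]) for a raw IPv4 packet; ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not IPv4 or bad IHL")
    src = socket.inet_ntoa(packet[12:16])
    opts, found, i = packet[20:ihl * 4], [], 0   # options exist only when IHL > 5
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                # End of Option List: the rest is padding
            break
        if kind == 1:                # No-Operation: single byte, no length field
            found.append("NOP")
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        found.append(OPTION_NAMES.get(kind, f"unknown({kind})"))
        i += opts[i + 1]
    return src, found

def tally_sources(packets):
    """Count option-bearing packets per source; malformed headers are counted separately."""
    hits = Counter()
    for pkt in packets:
        try:
            src, found = parse_ip_options(pkt)
        except ValueError:
            hits["malformed"] += 1
            continue
        if found:
            hits[src] += 1
    return hits

# Constructed sample packets (headers only): no options, Record Route,
# NOP + Loose Source Route, and an option whose length overruns the header.
SAMPLES = [bytes.fromhex(h) for h in (
    "45000014 00000000 40010000 c6336407 c0000201",
    "4700001c 00000000 40010000 cb007109 c0000201 07070400 00000000",
    "4700001c 00000000 40010000 cb007109 c0000201 01830704 00000000",
    "46000018 00000000 40010000 cb007132 c0000201 07280400",
)]
```
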