Bugtraq mailing list archives
Blocking IP Options (was Re: Remote DoS in Axent's Raptor 6.0)
From: kadokev () MSG NET (kadokev () MSG NET)
Date: Thu, 28 Oct 1999 11:09:02 -0500
> Can anyone point me to some info on blocking ip options? A search of cisco's site and dejanews does not show anything.
>
> Hal Kuff
> TESSCO Technologies
IOS has support for blocking a few IP Options, including source route and IP security; however, the PIX firewall seems to be the only Cisco product that appears to block the more obscure options.

Darren Reed's IP Filter (see http://newcoombs.anu.edu.au/~avalon/ for details) is a free packet filter as a loadable kernel module, runs on many Unix platforms, and is included in the current (Free|Net|Open)BSD distributions. IP Filter (ipf) can block IP Options and all short fragments. Where I have installed ipf, the ipf.rules file usually begins with:

    block in quick from any to any with short frag
    block in quick all with ipopts

I usually then go on to block spoofed packets, including the RFC 1597 source addresses, and for the truly paranoid, any packets claiming the 127. network exists on other than the loopback interface.

Kevin
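The checks behind those ipf rules, as an added illustration that is not code from the post or from IP Filter: a small IPv4 header inspector that flags packets a filter built on the rules above would drop (options present, short first fragment, RFC 1597 private source, 127/8 source on a non-loopback interface). The packets are constructed with the helper, the interface name `lo0` for loopback is an assumption, and the minimum transport-header sizes approximate ipf's `short` test.

```python
import ipaddress
import struct

# Source networks the post recommends dropping: the RFC 1597 private
# networks plus 127/8 when seen on anything but the loopback interface.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
# Minimum transport header a first fragment must carry (approximates ipf's 'short' test).
MIN_L4_HDR = {1: 4, 6: 20, 17: 8}   # ICMP, TCP, UDP


def build_ipv4(src, dst, proto, payload=b"", options=b"", flags_frag=0):
    """Constructed sample packet (not captured traffic): IPv4 header,
    optional options padded to a 4-byte boundary (IHL adjusted), then payload."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    total = ihl * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, flags_frag, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + options + payload


def drop_reasons(pkt, iface):
    """Return why a filter like the ipf rules above would drop pkt ([] = pass)."""
    reasons = []
    if len(pkt) < 20:
        return ["truncated"]
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ihl > 20:                        # any options present => 'with ipopts'
        reasons.append("ipopts")
    offset = flags_frag & 0x1FFF
    # 'with short': header claims more than is there, or a first fragment too
    # small to hold the transport header the filter needs for port matching.
    if len(pkt) < ihl or (offset == 0 and len(pkt) - ihl < MIN_L4_HDR.get(proto, 0)):
        reasons.append("short")
    src_addr = ipaddress.ip_address(src)
    if any(src_addr in n for n in PRIVATE_NETS):
        reasons.append("rfc1597-source")
    if src_addr in LOOPBACK_NET and iface != "lo0":   # 127/8 only belongs on loopback
        reasons.append("loopback-source")
    return reasons
```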