Firewall Wizards mailing list archives

weird IP options.

From: esteban <esteban () reed edu>
Date: Mon, 26 Jul 1999 17:16:33 -0700 (PDT)



hi-

 I am trying to find out what the following entries in my PIX log might
be (IP's have been changed) to protect the innocent.


7/25/99,5:59:50 PM,10.254.254.246,pix.foo.com,LOCAL4,CRITICAL,%PI
X-2-106012: Deny IP from 4.19.19.136 to 210.222.222.123, IP options
0x80350ce4

7/25/99,5:59:57 PM,10.254.254.246,pix.foo.com,LOCAL4,CRITICAL,%PI
X-2-106012: Deny IP from 4.19.19.136 to 210.222.222.123, IP options
0x8030b6e4

7/25/99,6:00:08 PM,10.254.254.246,pix.foo.com,LOCAL4,CRITICAL,%PI
X-2-106012: Deny IP from 4.19.19.136 to 210.222.222.123, IP options
0x80380814

7/25/99,6:06:07 PM,10.254.254.246,pix.foo.com,LOCAL4,CRITICAL,%PI
X-2-106012: Deny IP from 4.19.19.136 to 210.222.222.123, IP options
0x802bf8c4

7/25/99,6:06:13 PM,10.254.254.246,pix.foo.com,LOCAL4,CRITICAL,%PI
X-2-106012: Deny IP from 4.19.19.136 to 210.222.222.123, IP options
0x802b9e94



These IP options don't seem to correspond to anything to which I can find
reference. From what I can tell, the IP option here is of type 128? That
would indicate that only the copy bit in the Type code octet is set.  Or
maybe I am reading the number wrong.

-esteban

Current thread:

weird IP options. esteban (Jul 27)
- Re: weird IP options. Ge' Weijers (Jul 27)
- Re: weird IP options. Andy Smith (Jul 29)