Re: IP Options

[harbor235 <harbor235 () gmail com>]

Sure, but mirroring a port on the edge may not be the best way to go, ACL
hits and logs
dumped to syslog may be the best approach. So if your capturing traffic how
are you mitigating this traffic
with minimal impact?

Mike

On Thu, Nov 17, 2011 at 10:07 AM, Christopher Morrow <
morrowc.lists () gmail com> wrote:

> got pcaps?
>
> On Thu, Nov 17, 2011 at 10:04 AM, harbor235 <harbor235 () gmail com> wrote:
> > Is it just me or has there been an increase in packets with IP options
> set
> > hitting
> > our front door? There are ways to mitigate e.g. IP options selective
> > discard, and ACL
> > IP options support. ACL entries on the edge appear to be the best
> > way identify and log the source.
> > IP options selective discard drops packets silently so from my view they
> > are not as effective.
> >
> > Is anyone doing anything else to identify and mitigate?  I have been
> seeing
> > hits on our firewalls
> > but would rather take care of it at our edge with little or no impact.
> >
> >
> > Mike