nanog mailing list archives
Re: IP Options
From: harbor235 <harbor235 () gmail com>
Date: Thu, 17 Nov 2011 10:17:50 -0500
Sure, but mirroring a port on the edge may not be the best way to go; ACL hits and logs dumped to syslog may be the best approach. So if you're capturing traffic, how are you mitigating this traffic with minimal impact?

Mike

On Thu, Nov 17, 2011 at 10:07 AM, Christopher Morrow <morrowc.lists () gmail com> wrote:

> got pcaps?
>
> On Thu, Nov 17, 2011 at 10:04 AM, harbor235 <harbor235 () gmail com> wrote:
>
>> Is it just me or has there been an increase in packets with IP options set hitting our front door? There are ways to mitigate, e.g. IP options selective discard and ACL IP options support. ACL entries on the edge appear to be the best way to identify and log the source. IP options selective discard drops packets silently, so from my view they are not as effective. Is anyone doing anything else to identify and mitigate? I have been seeing hits on our firewalls but would rather take care of it at our edge with little or no impact.
>>
>> Mike