Re: ip options

[Ron Bonica]

Folks,

I would love to see the IETF OPSEC WG publish a document on the pros and
cons of filtering optioned packets.

Would anybody on this list be willing to author an Internet Draft?

                                     Ron
                                     (co-director IETF O&M Area)

Luca Tosolini wrote:
> Experts,
> out of the well-known values for ip options:
> 
> X@r4# set ip-options ? 
> Possible completions:
>   <range>              Range of values
>   [                    Open a set of values
>   any                  Any IP option
>   loose-source-route   Loose source route
>   route-record         Route record
>   router-alert         Router alert
>   security             Security
>   stream-id            Stream ID
>   strict-source-route  Strict source route
>   timestamp            Timestamp
> 
> I can only think of:
> - RSVP using router-alert
> - ICMP using route-record, timestamp
> 
> But I can not think of any other use of any other IP option.
> Considering the security hazard that they imply, I am therefore thinking
> to drop them.
> 
> Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
> Thanks,
> Luca.
> 
> 
>