Folks, I would love to see the IETF OPSEC WG publish a document on the pros and cons of filtering optioned packets. Would anybody on this list be willing to author an Internet Draft? Ron (co-director IETF O&M Area) Luca Tosolini wrote:
Experts, out of the well-known values for ip options:
X@r4# set ip-options ? Possible completions: <range> Range of values [ Open a set of values any Any IP option loose-source-route Loose source route route-record Route record router-alert Router alert security Security stream-id Stream ID strict-source-route Strict source route timestamp Timestamp
I can only think of: - RSVP using router-alert - ICMP using route-record, timestamp
But I can not think of any other use of any other IP option. Considering the security hazard that they imply, I am therefore thinking to drop them.
Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd? Thanks, Luca.