-
Notifications
You must be signed in to change notification settings - Fork 77
/
ip_options
40 lines (39 loc) · 1.54 KB
/
ip_options
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#
############################################################################
#
# File: ip_options (/etc/psad/ip_options)
#
# Purpose: To define the signature language interface for psad to detect
# suspicious IP options (source routing, etc.). This emulates
# (and extends) the "ipopts" keyword functionality available in
# the Snort IDS.
#
############################################################################
#
# <option value> <length (-1 for variable)> <ipopts argument> <description>
0 1 eol End of options list
1 1 nop NOP
130 11 sec Security
131 -1 lsrr Loose Source Route
### (lsrre is included in Snort but not documented anywhere else)
132 -1 lsrre Loose Source Route
68 -1 ts Timestamp
133 -1 extsec Extended Security
134 -1 comsec Commercial Security
7 -1 rr Record Route
136 4 satid Stream Identifier
137 -1 ssrr Strict Source Route
10 -1 expm Experimental Measurement
11 4 mtu MTU Probe
12 4 mtur MTU Reply
205 -1 expflow Experimental Flow Control
142 -1 expaccess Experimental Access Control
144 -1 imitraf IMI Traffic Descriptor
145 -1 extproto Extended Internet Proto
82 12 traceroute Traceroute
147 10 addrext Address Extension
148 4 ralert Router Alert
149 -1 sbrdcast Selective Directed Broadcast Mode
150 -1 nsapaddr NSAP Addresses
151 -1 dpktstate Dynamic Packet State
152 -1 umcast Upstream Multicast Packet