Example: Restricted IP options policy
This example shows an IDS attack policy that targets restricted IP options for a single local IPv6 address, a range of remote IPv6 addresses, and all ports.
There are 256 possible IP options, and only a small number of them are currently in common use. Checking for restricted IP options is performed on all inbound and outbound packets, including packets that are forwarded to another system. You can use the IDS policy to send a notification when a packet carries a restricted IP option, and also to discard the packet.
An attacker might use restricted IP options, such as Loose Source and Record Route (LSRR), to get through firewalls. LSRR can also be used to map a network's topology and discover private IP addresses.
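The check described above, as an added example that is not part of the original documentation: a parser for the IPv4 header options field that reports which restricted options a packet carries. IP options are an IPv4 header feature, so the sample headers are IPv4; the restricted set (LSRR, SSRR, Record Route) and the header builder are constructed for illustration, not the product's built-in list.

```python
import struct

# Option numbers from RFC 791. Treating these three as restricted is an
# assumption for this example; the page names LSRR explicitly.
RESTRICTED_OPTIONS = {
    131: "LSRR",  # Loose Source and Record Route
    137: "SSRR",  # Strict Source and Record Route
    7: "RR",      # Record Route
}


def parse_ipv4_options(packet: bytes):
    """Return the (type, data) options carried in an IPv4 header.

    EOL (0) and NOP (1) are single-byte options; every other option is
    TLV encoded as type, total length (including those two bytes), data.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("invalid IHL")
    opts, i = [], 20
    while i < ihl:
        t = packet[i]
        if t == 0:                        # End of Option List
            break
        if t == 1:                        # No Operation: skip one byte
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("option type without length byte")
        length = packet[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("malformed option length")
        opts.append((t, packet[i + 2:i + length]))
        i += length
    return opts


def restricted_options(packet: bytes):
    """Names of restricted options present in the header (empty if none)."""
    return [RESTRICTED_OPTIONS[t] for t, _ in parse_ipv4_options(packet)
            if t in RESTRICTED_OPTIONS]


def build_header(options: bytes) -> bytes:
    """Constructed IPv4 header (zero checksum/addresses) with padded options."""
    padded = options + b"\x00" * (-len(options) % 4)
    ihl = 5 + len(padded) // 4
    fixed = struct.pack(">HHHBBH4s4s", 20 + len(padded), 0, 0, 64, 6, 0,
                        bytes(4), bytes(4))
    return bytes([0x40 | ihl, 0]) + fixed + padded
```

A policy engine would act on a non-empty result by logging the event and, when configured to, discarding the packet.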
| Setting | Value |
|---|---|
| Policy name | Restricted_IP_option_policy |
| Policy type | Attack |
| Attack type | Restricted IP options |
| Local IP addresses | 2001:0db8:3c4d:0015:0000:0000:abcd:ef12 |
| Local ports | All ports |
| Remote IP addresses | 2002:9436:7a00:0000:0000:0000:0000:0000 - 2002:9436:7aff:ffff:ffff:ffff:ffff:ffff |
| Remote ports | All ports |
| Statistics interval | 5 minutes |
| Maximum event messages | 5 |
| Send e-mail notification | Yes |