Example: Restricted IP options policy

This example shows an IDS attack policy that targets restricted IP options for a single local IPv6 address, a range of remote IPv6 addresses, and all ports.

There are 256 possible IP options, with only a small number currently in common use. Checking for restricted IP options is performed on all inbound and outbound packets, even those forwarded to another system. You can use the IDS policy to provide notification of a packet with a restricted IP option, as well as to discard the packet.

A hacker might try to use restricted IP options, such as Loose Source and Record Route (LSRR), to get through firewalls. LSRR is used to map a network's topology and discover private IP addresses.

Table 1. Restricted IP options example

Setting                   Value
Policy name               Restricted_IP_option_policy
Policy type               Attack
Attack type               Restricted IP options
Local IP addresses        2001:0db8:3c4d:0015:0000:0000:abcd:ef12
Local ports               All ports
Remote IP addresses       2002:9436:7a00:0000:0000:0000:0000:0000 - 2002:9436:7aff:ffff:ffff:ffff:ffff:ffff
Remote ports              All ports
Statistics interval       5 minutes
Maximum event messages    5
Send e-mail notification  Yes
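The following Python sketch is added here and is not part of the IBM documentation. It applies the Table 1 policy to constructed packets: it scopes by the local address and remote range, flags LSRR (the page's example) plus, as an assumption, the other source-routing options, discards matching packets, and caps notifications at five event messages per five-minute statistics interval (that reading of the two settings is also an assumption).

```python
"""Evaluate packets against the Restricted_IP_option_policy of Table 1 (added example)."""
import ipaddress
from dataclasses import dataclass

# IANA IP option type numbers. Only LSRR is named on the page; SSRR and RR are
# included as an assumption of what "restricted" covers.
RESTRICTED_IP_OPTIONS = {131: "LSRR", 137: "SSRR", 7: "RR"}

LOCAL_ADDRESSES = {ipaddress.ip_address("2001:0db8:3c4d:0015:0000:0000:abcd:ef12")}
REMOTE_RANGE = (ipaddress.ip_address("2002:9436:7a00:0000:0000:0000:0000:0000"),
                ipaddress.ip_address("2002:9436:7aff:ffff:ffff:ffff:ffff:ffff"))
STATISTICS_INTERVAL = 5 * 60   # seconds (Table 1: 5 minutes)
MAX_EVENT_MESSAGES = 5         # Table 1: notifications per interval (assumed meaning)


@dataclass
class Packet:            # constructed test input, not a real packet parser
    local: str
    remote: str
    options: list        # IP option type numbers carried by the packet


@dataclass
class PolicyState:       # per-policy notification counter for the current interval
    window_start: float = None
    messages_in_window: int = 0


def in_scope(pkt):
    """All ports are covered, so only the local and remote addresses are checked."""
    local, remote = ipaddress.ip_address(pkt.local), ipaddress.ip_address(pkt.remote)
    if remote.version != REMOTE_RANGE[0].version:   # ordering across versions raises
        return False
    return local in LOCAL_ADDRESSES and REMOTE_RANGE[0] <= remote <= REMOTE_RANGE[1]


def restricted_options(pkt):
    return [RESTRICTED_IP_OPTIONS[o] for o in pkt.options if o in RESTRICTED_IP_OPTIONS]


def evaluate(pkt, state, now):
    """Return (discard, notify, option_names). A matching packet is always discarded;
    notification stops once MAX_EVENT_MESSAGES have been sent in the interval."""
    if not in_scope(pkt):
        return False, False, []
    names = restricted_options(pkt)
    if not names:
        return False, False, []
    if state.window_start is None or now - state.window_start >= STATISTICS_INTERVAL:
        state.window_start, state.messages_in_window = now, 0   # new statistics interval
    notify = state.messages_in_window < MAX_EVENT_MESSAGES
    state.messages_in_window += 1 if notify else 0
    return True, notify, names
```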