Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 41 lines (39 sloc) 1.573 kB
2983f64 @mrash added ip_options file to define the signature interface for IP options
authored
1 #
2 ############################################################################
3 #
af90352 @mrash minor update to document default path installation
authored
4 # File: ip_options (/etc/psad/ip_options)
2983f64 @mrash added ip_options file to define the signature interface for IP options
authored
5 #
6 # Purpose: To define the signature language interface for psad to detect
7 # suspicious IP options (source routing, etc.). This emulates
8 # (and extends) the "ipopts" keyword functionality available in
9 # the Snort IDS.
10 #
11 ############################################################################
12 #
13
14 # <option value> <length (-1 for variable)> <ipopts argument> <description>
15 0 1 eol End of options list
16 1 1 nop NOP
17 130 11 sec Security
18 131 -1 lsrr Loose Source Route
19 ### (lsrre is included in Snort but not documented anywhere else)
20 132 -1 lsrre Loose Source Route
21 68 -1 ts Timestamp
22 133 -1 extsec Extended Security
23 134 -1 comsec Commercial Security
24 7 -1 rr Record Route
25 136 4 satid Stream Identifier
26 137 -1 ssrr Strict Source Route
27 10 -1 expm Experimental Measurement
28 11 4 mtu MTU Probe
29 12 4 mtur MTU Reply
30 205 -1 expflow Experimental Flow Control
31 142 -1 expaccess Experimental Access Control
32 144 -1 imitraf IMI Traffic Descriptor
33 145 -1 extproto Extended Internet Proto
34 82 12 traceroute Traceroute
35 147 10 addrext Address Extension
36 148 4 ralert Router Alert
37 149 -1 sbrdcast Selective Directed Broadcast Mode
38 150 -1 nsapaddr NSAP Addresses
39 151 -1 dpktstate Dynamic Packet State
40 152 -1 umcast Upstream Multicast Packet
Something went wrong with that request. Please try again.