Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 7124ec80a1
Fetching contributors…

Cannot retrieve contributors at this time

file 40 lines (39 sloc) 1.573 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
#
############################################################################
#
# File: ip_options (/etc/psad/ip_options)
#
# Purpose: To define the signature language interface for psad to detect
# suspicious IP options (source routing, etc.). This emulates
# (and extends) the "ipopts" keyword functionality available in
# the Snort IDS.
#
############################################################################
#

# <option value> <length (-1 for variable)> <ipopts argument> <description>
0 1 eol End of options list
1 1 nop NOP
130 11 sec Security
131 -1 lsrr Loose Source Route
### (lsrre is included in Snort but not documented anywhere else)
132 -1 lsrre Loose Source Route
68 -1 ts Timestamp
133 -1 extsec Extended Security
134 -1 comsec Commercial Security
7 -1 rr Record Route
136 4 satid Stream Identifier
137 -1 ssrr Strict Source Route
10 -1 expm Experimental Measurement
11 4 mtu MTU Probe
12 4 mtur MTU Reply
205 -1 expflow Experimental Flow Control
142 -1 expaccess Experimental Access Control
144 -1 imitraf IMI Traffic Descriptor
145 -1 extproto Extended Internet Proto
82 12 traceroute Traceroute
147 10 addrext Address Extension
148 4 ralert Router Alert
149 -1 sbrdcast Selective Directed Broadcast Mode
150 -1 nsapaddr NSAP Addresses
151 -1 dpktstate Dynamic Packet State
152 -1 umcast Upstream Multicast Packet
Something went wrong with that request. Please try again.