> Why not just set up the router between the Internet and the Firewall to
> drop packets with options 0x83 and 0x89 and log the event? Or better yet,
> strip the option off? I mean, this isn't rocket science.
You hit the nail squarely on the proverbial head.
In fact, routers which disallow IP source-routing altogether (Cisco
Systems, for example) make it a snap.
Can we move on now to other more interesting topics? ,-)
Managed Network Engineering tel: 703.904.2437
Herndon, Virginia USA internet: paul @
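
The check discussed in this exchange, as an added example that is not part of the original messages: walk the IPv4 header options and flag types 0x83 (loose source route) and 0x89 (strict source route) so the packet can be dropped and logged. The names `source_route_options`, `build_header` and `verdict` are hypothetical, and the sample headers are constructed with documentation addresses.

```python
import struct

LSRR, SSRR = 0x83, 0x89   # option type bytes named in the thread
EOL, NOP = 0x00, 0x01     # single-byte options, no length field

def source_route_options(packet: bytes):
    """Return source-route option types found in an IPv4 header.

    Raises ValueError on a malformed header or option list.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, found, i = packet[20:ihl], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                   # end of option list
            break
        if kind == NOP:                   # padding between options
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]              # covers type and length bytes too
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind in (LSRR, SSRR):
            found.append(kind)
        i += length
    return found

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + options

def verdict(packet: bytes) -> str:
    """Filter decision: malformed option lists are dropped and logged as well."""
    try:
        hits = source_route_options(packet)
    except ValueError as exc:
        return f"drop+log (malformed: {exc})"
    return "drop+log (source route)" if hits else "pass"
```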