Firewalls: Filtering all IP Packets that contain options

Firewalls
(September 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Filtering all IP Packets that contain options
From:	smartin @ fujitsu . ca (Steve Martin)
Date:	Thu, 8 Sep 1994 13:22:57 -0400
To:	firewalls @ greatcircle . com

Hi,

   I'm trying to set up some filters on my gateway. Unfortunately the software
that I'm using is somewhat limited and requires that you match patterns in the
packets. In order to do this I have to make sure that the fields in the TCP
header are always in the same place. To do this the size of the IP header must be
fixed.  I am therefore thinking of tossing all incoming IP packets that do not
have an IP header length of 5 words. This means that I will be tossing all
packets that contain options. Is there a problem with this? From what I've read,
you want to get rid of any packets that contain source routing options anyway,
are any other options common and desirable?
--------------------------------------------------------------------------------
Stephen Martin		    oO		Fujitsu Systems Business of Canada, Inc.
smartin @
 fujitsu .
 ca	  Fujitsu	Box 30
Phone: (416)512-0342 x3137		5140 Yonge St., Suite 2000
Fax:   (416)512-0344                    North York, Ontario, Canada. M2N 6L7
--------------------------------------------------------------------------------

Follow-Ups:

Re: Filtering all IP Packets that contain options
From: strick -- henry strickland <strick @ versant . com>

Indexed By Date	Previous:	Re: Livingston vs MorningStar routers From: m-kf2480 @ SPARKY . CS . NYU . EDU (Kuojueng Fung)
Indexed By Date	Next:	Building TIS on Solaris 2.3 using ucblib's From: Todd W Joseph <twj @ world . std . com>
Indexed By Thread	Previous:	Dialup routers???? From: ingemar @ anjou . data . telia . se (Ingemar Lundqvist)
Indexed By Thread	Next:	Re: Filtering all IP Packets that contain options From: strick -- henry strickland <strick @ versant . com>