For an explanation of what IP options are and how they work, see RFC 791,
Internet Protocol.
--Eric
-----Original Message-----
From: Tony Driscoll [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 03, 2000 11:23 PM
To: Network Operations; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Can anyone explain this:
I can't answer what the IP options hex string means but I did recently open
a TAC case with Cisco wanting the same answers. What I got from them is that
while this particular Syslog event CAN mean a potential intrusion attempt
(if you read the Syslog description for this message on Cisco's doc, it
mentions this), the IP options portion is useless and really only shows up
because a PIX by default will dump any IP packet with "options". I was also
told that some NIC cards have a software switch to not allow options (I
still don't know what "options" really are and Cisco TAC didn't provide that
info) but other cards can do this unbeknownst to the user...
-Tony Driscoll
Tony Driscoll
Network Group
Lands' End, Inc.
(608) 935-4882
(608) 935-4998 fax
[EMAIL PROTECTED]
----- Original Message -----
From: "Network Operations" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 02, 2000 8:47 AM
Subject: Can anyone explain this:
> (Time Zone = PDT)
>
> <snip>
> 2000/06/01 11:55:01<162>%PIX-2-106012: Deny IP from 134.121.31.40 to 192.168.10.155, IP options 0x94040000
> <snip>
>
>
> I'm familiar with the low_N_slow method but *sheesh* (1) packet?!
>
> Anyway, to save you the trouble, the source resolves to:
>
> Washington State University (NET-WSUNET)
> Computing Service Center
> Pullman, WA 99164-1220
>
> Netname: WSUNET
> Netnumber: 134.121.0.0
>
> Coordinator:
> Wegner, Rick (RW211-ARIN) [EMAIL PROTECTED]
> (509) 335-0464
>
> Domain System inverse mapping provided by:
>
> CENTAUR.IT.WSU.EDU 134.121.2.54
> DNS1.EECS.WSU.EDU 134.121.64.1
> YODA.EECS.WSU.EDU 134.121.32.2
>
> Record last updated on 03-Jan-1992.
> Database last updated on 2-Jun-2000 06:32:11 EDT.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
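An added example, not written by anyone in this thread: a decoder for the options value in the quoted PIX 106012 line, following the option layout in RFC 791 (type octet split into copied flag, class and number, then a length octet that counts the whole option). The name for type 148 comes from RFC 2113, which the thread does not mention, and the code assumes the hex the PIX logs is the options field in wire order.

```python
import re

# Option type values from RFC 791, plus 148 (Router Alert) from RFC 2113.
OPTION_NAMES = {
    0: "End of Option List", 1: "No Operation", 7: "Record Route",
    68: "Internet Timestamp", 130: "Security",
    131: "Loose Source and Record Route", 136: "Stream ID",
    137: "Strict Source and Record Route", 148: "Router Alert",
}

def parse_ip_options(raw: bytes):
    """Walk an IPv4 options field and return one dict per option."""
    out, i = [], 0
    while i < len(raw):
        t = raw[i]
        opt = {"type": t, "name": OPTION_NAMES.get(t, "unknown"),
               "copied": t >> 7,         # 1 = copied into every fragment
               "class": (t >> 5) & 0x3,  # 0 = control, 2 = debugging/measurement
               "number": t & 0x1F, "data": b""}
        out.append(opt)
        if t == 0:                       # End of Option List: the rest is padding
            break
        if t == 1:                       # No Operation: a single octet
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(raw):
            raise ValueError(f"option {t:#04x} at offset {i} has no length octet")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"option {t:#04x} at offset {i} has bad length {length}")
        opt["data"] = raw[i + 2:i + length]
        i += length
    return out

def options_from_pix_log(line: str):
    """Pull the 'IP options 0x...' value out of a PIX 106012 message and decode it."""
    m = re.search(r"IP options 0x([0-9A-Fa-f]+)", line)
    if not m:
        return []
    h = m.group(1)
    # Assumption: pad an odd number of hex digits with a leading zero.
    return parse_ip_options(bytes.fromhex(h if len(h) % 2 == 0 else "0" + h))

# The log line quoted in the thread above.
LOG = ("2000/06/01 11:55:01<162>%PIX-2-106012: Deny IP from 134.121.31.40 "
       "to 192.168.10.155, IP options 0x94040000")
```

For the quoted line this yields a single option: type 0x94 (copied, class 0, number 20), length 4, with two zero data octets.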