#
############################################################################
#
# File: ip_options (/etc/psad/ip_options)
#
# Purpose: To define the signature language interface for psad to detect
#          suspicious IP options (source routing, etc.). This emulates
#          (and extends) the "ipopts" keyword functionality available in
#          the Snort IDS.
#
############################################################################
#
# $Id$
#

# <option value> <length (-1 for variable)> <ipopts argument> <description>
0      1     eol          End of options list
1      1     nop          NOP
130    11    sec          Security
131    -1    lsrr         Loose Source Route
### (lsrre is included in Snort but not documented anywhere else)
132    -1    lsrre        Loose Source Route
68     -1    ts           Timestamp
133    -1    extsec       Extended Security
134    -1    comsec       Commercial Security
7      -1    rr           Record Route
136    4     satid        Stream Identifier
137    -1    ssrr         Strict Source Route
10     -1    expm         Experimental Measurement
11     4     mtu          MTU Probe
12     4     mtur         MTU Reply
205    -1    expflow      Experimental Flow Control
142    -1    expaccess    Experimental Access Control
144    -1    imitraf      IMI Traffic Descriptor
145    -1    extproto     Extended Internet Proto
82     12    traceroute   Traceroute
147    10    addrext      Address Extension
148    4     ralert       Router Alert
149    -1    sbrdcast     Selective Directed Broadcast Mode
150    -1    nsapaddr     NSAP Addresses
151    -1    dpktstate    Dynamic Packet State
152    -1    umcast       Upstream Multicast Packet