Scenario:
You are the security office for the national security team in the Netherlands. One of your routers has a very high CPU load and after looking closely you can see it’s spending a lot of cycles processing IP packets with special options. Since this isn’t normal you decide to implement some filtering.
Goals:
- All IP addresses have been preconfigure for you.
- Configure router Trash so it drops IP packets with the timestamp option.
- Configure router Trash so it drops IP packets with the loose source option.
IOS:
c3725-adventerprisek9_ivs-mz.124-15.T13
Topology:
Video Solution:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
Do you want your CCNA or CCNP Certificate?
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
solution 1:
ip option drop
solution 2:
ip access-list ext abc
deny ip any any option trace route
permit ip any any
int fax/x
ip access-group abc in
my question to you:
after using ip option drop can we still allow only say ip option trace route?
Thanks
Hi Rene, is it possible to test for loose source option ?