Triggers on receipt of an IP datagram where the list of IP options in the IP datagram header is incomplete or malformed. The IP options list contains one or more options that perform various network management or debugging tasks. The first field of each option in the list consists of an eight-bit code field that is broken into three subfields:
COPY (Bit 0): Specifies to routers if the option information should be included in fragment headers.
CLASS (Bits 1-2): Specifies 1 of 2 valid option classes: Network Control, Debugging.
NUMBER (Bits 3-7): Specifies one of eight valid IP options. Option zero indicates end of list.
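The following added example (not Cisco's signature logic) decodes the code field described above and walks an IPv4 option list, reporting the first structural problem it finds. The checks follow the RFC 791 option layout; which conditions the sensor itself treats as malformed is not stated on this page, and all function names and sample headers are constructed for illustration.

```python
import struct

VALID_CLASSES = {0: "Network Control", 2: "Debugging"}  # 1 and 3 are reserved in RFC 791

def decode_type(octet):
    """Split the option type octet into COPY, CLASS, NUMBER (bit 0 is the MSB)."""
    return octet >> 7, (octet >> 5) & 0x3, octet & 0x1F

def check_options(header):
    """Walk the option list; return (parsed, problem), problem None if well formed."""
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        return [], "header length field inconsistent with captured bytes"
    opts, parsed, i = header[20:ihl], [], 0
    while i < len(opts):
        copy, cls, number = decode_type(opts[i])
        if cls not in VALID_CLASSES:
            return parsed, f"reserved option class {cls} at offset {i}"
        if opts[i] in (0, 1):                 # End of Option List / No Operation
            parsed.append((copy, cls, number, 1))
            if opts[i] == 0:
                return parsed, None
            i += 1
            continue
        if i + 1 >= len(opts):
            return parsed, f"option at offset {i} has no length octet"
        length = opts[i + 1]
        if length < 2:
            return parsed, f"option at offset {i} has length {length}, minimum is 2"
        if i + length > len(opts):
            return parsed, f"option at offset {i} overruns the header"
        parsed.append((copy, cls, number, length))
        i += length
    return parsed, None

def sample_header(options):
    """Constructed IPv4 header (checksum zero, documentation addresses) plus options."""
    words = (20 + len(options)) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | words, 0, 20 + len(options), 0, 0,
                        64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + options

SAMPLES = {  # constructed option lists, each a multiple of 4 octets
    "record route + EOL": bytes([7, 7, 4, 0, 0, 0, 0, 0]),
    "timestamp, length past header": bytes([0x44, 12, 5, 0]),
    "source route, zero length": bytes([0x83, 0, 0, 0]),
    "type octet with no length": bytes([1, 1, 1, 0x83]),
}

if __name__ == "__main__":
    for name, opts in SAMPLES.items():
        print(name, "->", check_options(sample_header(opts))[1] or "well formed")
```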
No known exploits purposely incorporate this option. This does not preclude the possibility that exploits exist outside Cisco Systems' knowledge domain or that poorly written hacker code may produce malformed datagrams.
Recommended Filter
No recommended filters.
Benign Triggers
There is no legitimate use for malformed datagrams. This may be indicative of systems that are experiencing problems with their kernel or NIC cards. This is unusual traffic and warrants investigation.