Stopping IP options attacks

Another type of attack that can be used to disrupt your network involves IP options in the packet header. IP options are extensions of the Internet Protocol that are usually used for debugging or for special applications. For example, if you allow IP options, the attacker can use the options to specify a route that helps him or her gain access to your network. Although there is some gain to leaving IP options enabled, the risk generally outweighs the benefit.

From Policy Manager:

1. On the toolbar, click the Default Packet Handling icon.

   You can also, from Policy Manager, select Setup => Intrusion Prevention => Default Packet Handling.

   The Default Packet Handling dialog box appears.

2. Enable the checkbox marked Block IP Options.

Related topics:

Default Packet Handling

Blocking spoofing attacks

Blocking port space and address space attacks

Stopping SYN Flood attacks

Return to Top

Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.
Legal Notice/Terms of Use