Ipoptionsizes, Ipopt_sr, Ipopt_ts – D-Link DFL-2500 User Manual
Verifies that the size information contained in each "layer" (Ethernet, IP, TCP, UDP, ICMP) is
consistent with that of other layers.
Default: ValidateLogBad
IPOptionSizes
Verifies the size of "IP options". These options are small blocks of information that may be added to
the end of each IP header. This function checks the size of well-known option types and ensures that
no option exceeds the size limit stipulated by the IP header itself.
Default: ValidateLogBad
IPOPT_SR
Indicates whether source routing options are to be permitted. These options allow the sender of the
packet to control how the packet is to be routed through each router and firewall. These constitute an
enormous security risk. NetDefendOS never obeys the source routes specified by these options,
regardless of this setting.
Default: DropLog
IPOPT_TS
Time stamp options instruct each router and firewall on the packet's route to indicate at what time
the packet was forwarded along the route. These options do not occur in normal traffic. Time stamps
may also be used to "record" the route a packet has taken from sender to final destination.
NetDefendOS never enters information into these options, regardless of this setting.
Default: DropLog
IPOPT_OTHER
All options other than those specified above.
Default: DropLog
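As an added illustration (not code from the manual or from NetDefendOS), the following sketch walks the options area of an IPv4 header, applies size checks of the kind IPOptionSizes describes, and reports which of the settings above each option would fall under. The option numbers come from RFC 791; the mapping of option numbers to setting names, the function names and the sample headers are assumptions made for this example.

```python
# Added example: RFC 791 option walk; mapping to the setting names is an assumption.
import struct

EOL, NOP, TS, LSRR, SSRR = 0, 1, 68, 131, 137  # RFC 791 option numbers


def classify_options(header: bytes):
    """Return (ok, findings); ok is False as soon as a size check fails."""
    if len(header) < 20:
        return False, ["truncated header"]
    ihl = (header[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(header):
        return False, ["bad IHL"]
    opts, i, findings = header[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                   # end of option list
            break
        if kind == NOP:                   # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts):
            return False, findings + ["option length byte missing"]
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return False, findings + [f"option {kind} overruns header"]
        if kind in (LSRR, SSRR):          # type, len, pointer, then 4-byte addresses
            if length < 3 or (length - 3) % 4:
                return False, findings + ["source route has bad size"]
            findings.append("IPOPT_SR")
        elif kind == TS:                  # type, len, pointer, overflow/flags
            if length < 4 or length > 40:
                return False, findings + ["timestamp has bad size"]
            findings.append("IPOPT_TS")
        else:
            findings.append("IPOPT_OTHER")
        i += length
    return True, findings


def make_header(options: bytes) -> bytes:
    """Build a constructed IPv4 header (checksum left at 0) around padded options."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + options
```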
DirectedBroadcasts
Indicates whether NetDefendOS will forward packets which are directed to the broadcast address of
its directly connected networks. It is possible to achieve this functionality by adding lines to the
Rules section, but it is also included here for simplicity’s sake. This form of validation is faster than
entries in the Rules section since it is more specialized.
Default: DropLog
IPRF
Indicates what NetDefendOS will do if there is data in the "reserved" fields of IP headers. In normal
circumstances, these fields should read 0. Data in these fields is used in OS fingerprinting.
Default: DropLog
StripDFOnSmall
Strip the Don’t Fragment flag for packets equal to or smaller than the size specified by this setting.
Default: 65535 bytes
Chapter 13. Advanced Settings