IP Options filtering
- From: "e_zverev" <ezverev@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Jun 2005 11:14:15 -0700
Hi,
This seems to be the last "black area" for me in the ISA 2004 configuration.
Actually I have several questions concerning the options configured in
“<Server>/Configuration/General/Define IP Preferences” dialog.
Let me qualify a situation. I have “IP Options filtering” enabled. “Deny
packets with the selected IP options” mode is chosen. Several options like
option 68 (Time Stamp) are selected as it is done by default.
Did I get it right that ISA server does block any inbound or outbound IP
packets that have mentioned options filled?
I tried to find some information on the purpose for these IP Options and I
did find some. For example on
http://www.networksorcery.com/enp/protocol/ip.htm
Could anybody comment?
1. Why do I see only a very limited list of IP options in IP Options
filtering?
2. Why are other options listed as undefined and untitled when I ask to list
them anyway?
3. What is a possible reason to prohibit IP options? Are there any standard
situations in which I should change the default settings?
4. I have found only a single criterion for the default setting. Those
options that have variable length by definition are banned by default. Is
this the reason?
5. Is there a way to see the effect of the IP Options filtering? Is it
logged in the firewall log? How do I distinguish these records?
Thanks in advance.
--
Eugene U. Zverev,
System Administrator
.
- Prev by Date: 2 DSLs, dual WAN router, SBS Premium, and 2nd ISA server config
- Next by Date: Re: 2 DSLs, dual WAN router, SBS Premium, and 2nd ISA server confi
- Previous by thread: 2 DSLs, dual WAN router, SBS Premium, and 2nd ISA server config
- Next by thread: telnetting
- Index(es):
Relevant Pages
|
