Table 42 lists the IP options and their accompanying attributes.
Table 42: IP Options and Attributes

| Type | Class | Number | Length | Intended Use | Nefarious Use |
|---|---|---|---|---|---|
| End of Options | 0* | 0 | 0 | Indicates the end of one or more IP options. | None. |
| No Options | 0 | 1 | 0 | Indicates there are no IP options in the header. | None. |
| Security | 0 | 2 | 11 bits | Provides a way for hosts to send security, TCC (closed user group) parameters, and Handling Restriction Codes compatible with Department of Defense (DoD) requirements. (This option, as specified in RFC 791, Internet Protocol, and RFC 1038, Revised IP Security Option, is obsolete.) | Unknown. However, because it is obsolete, its presence in an IP header is suspect. |
| Loose Source Route | 0 | 3 | Varies | Specifies a partial route list for a packet to take on its journey from source to destination. The packet must proceed in the order of addresses specified, but it is allowed to pass through other devices in between those specified. | Evasion. The attacker can use the specified routes to hide the true source of a packet or to gain access to a protected network. (See Blocking Packets with Either a Loose or Strict Source Route Option Set.) |
| Record Route | 0 | 7 | Varies | Records the IP addresses of the network devices along the path that the IP packet travels. The destination machine can then extract and process the route information. (Due to the size limitation of 40 bytes for both the option and storage space, this can only record up to 9 IP addresses.) | Reconnaissance. If the destination host is a compromised machine in the attacker's control, he or she can glean information about the topology and addressing scheme of the network through which the packet passed. |
| Stream ID | 0 | 8 | 4 bits | (Obsolete) Provided a way for the 16-bit SATNET stream identifier to be carried through networks that did not support the stream concept. | Unknown. However, because it is obsolete, its presence in an IP header is suspect. |
| Strict Source Route | 0 | 9 | Varies | Specifies the complete route list for a packet to take on its journey from source to destination. The last address in the list replaces the address in the destination field. | Evasion. An attacker can use the specified routes to hide the true source of a packet or to gain access to a protected network. (See Blocking Packets with Either a Loose or Strict Source Route Option Set.) |
| Timestamp | 2** | 4 |  | Records the time (in Universal Time***) when each network device receives the packet during its trip from the point of origin to its destination. The network devices are identified by IP number. This option develops a list of IP addresses of the devices along the path of the packet and the duration of transmission between each one. | Reconnaissance. If the destination host is a compromised machine in the attacker's control, he or she can glean information about the topology and addressing scheme of the network through which the packet passed. |

\* The class of options identified as "0" was designed to provide extra packet or network control.

\*\* The class of options identified as "2" was designed for diagnostics, debugging, and measurement.

\*\*\* The timestamp uses the number of milliseconds since midnight Universal Time (UT). UT is also known as Greenwich Mean Time (GMT), which is the basis for the international time standard.
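As an added example (not code from the original page or its vendor), the following Python parser decodes each option's type byte into its copy flag, class and number, enforces the 40-byte limit and per-option length sanity that the table refers to, and reports the options the table marks as evasion, reconnaissance or obsolete. The option names, the `SUSPECT` set and the sample option bytes are constructed here for illustration.

```python
# Added example: inspect the IPv4 options field and flag options that the
# table above associates with evasion, reconnaissance or obsolete use.
# RFC 791 option type byte: bit 7 = copy flag, bits 6-5 = class, bits 4-0 = number.

# (class, number) -> option name, taken from the table above.
OPTION_NAMES = {
    (0, 0): "End of Options", (0, 1): "No Options", (0, 2): "Security",
    (0, 3): "Loose Source Route", (0, 7): "Record Route", (0, 8): "Stream ID",
    (0, 9): "Strict Source Route", (2, 4): "Timestamp",
}
# Options worth logging or dropping at an inspection point (constructed set).
SUSPECT = {"Security", "Stream ID", "Loose Source Route",
           "Strict Source Route", "Record Route", "Timestamp"}


def parse_ip_options(options: bytes):
    """Return a list of (name, copy_flag, class, number, body) tuples.
    Raises ValueError on malformed input so the caller can drop the packet."""
    if len(options) > 40:
        raise ValueError("options field exceeds the 40-byte limit")
    out, i = [], 0
    while i < len(options):
        t = options[i]
        copy, cls, num = t >> 7, (t >> 5) & 0x3, t & 0x1F
        name = OPTION_NAMES.get((cls, num), f"Unknown({cls},{num})")
        if cls == 0 and num in (0, 1):       # single-byte options, no length
            out.append((name, copy, cls, num, b""))
            if num == 0:                     # End of Options terminates the list
                break
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option: missing length byte")
        length = options[i + 1]              # length covers type + length + body
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad length {length} for option {name}")
        out.append((name, copy, cls, num, options[i + 2:i + length]))
        i += length
    return out


def suspect_options(options: bytes):
    """Names of options present that the table flags as suspect."""
    return [name for name, *_ in parse_ip_options(options) if name in SUSPECT]


def route_addresses(body: bytes):
    """Decode the address list of a source-route or record-route option body
    (a pointer byte followed by 4-byte addresses; trailing partial bytes ignored)."""
    addrs = body[1:]
    return [".".join(str(b) for b in addrs[j:j + 4])
            for j in range(0, len(addrs) - len(addrs) % 4, 4)]
```

Feeding it a constructed Loose Source Route option (`0x83`, length 7, pointer 4, one address) followed by an End of Options byte yields `["Loose Source Route"]` from `suspect_options` and `["10.0.0.1"]` from `route_addresses` on the option body.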