Configure disabling processing packets with IP options or RH type 0

To prevent Denial of Service (DoS) attack on the servers using large stream of packets containing IP options (for IPv4 packets) or Routing Header (type 0) (for IPv6 packets), they must be dropped. These packets are processed by default. This section describes how to disable this packet processing and prevent this type of attack.

About this task

To configure dropping of packets with IP options (IPv4 packets) or Routing Header (IPv6 packets), do the following.

Procedure

  1. Navigate to the Global Configuration Mode. 
    SLX # config terminal
SLX (config)#
  2. Execute one of the following commands.

    • For dropping IPv4 packets, execute 

      SLX (config)# ip option disable

    • For dropping IPv6 packets, execute 

      SLX (config)# ipv6 option disable

Results

Packets containing IP options (IPv4 packets) or Routing Header of type 0 (IPv6 packets) are dropped.

9037320-00 Rev AA