To prevent Denial of Service (DoS) attack on the servers using large stream of packets containing IP options (for IPv4 packets) must be dropped. This packet is processed by default. This section describes how to disable this packet processing and prevent this type of attack.
Note
The configuration for disabling packets with IP options cannot be done along with the configuration for disabling processing of packets with destination as CPU. They are mutually exclusive of each other. You cannot use the configuration commands ip options disable and ip options disable-cpu together.
To configure dropping of packets with IP options (IPv4 packets), do the following.
Packets containing IP options (IPv4 packets) are dropped.