TABLE OF CONTENTS The 1000 series signatures examine IP options, IP fragmentation, and bad IP packets. IP headers are examined for correct IP options and fire alarms based on the content of the IP header. If the data contained within the IP header does not meet the requirements for IP headers these signatures fire an alarm. IP fragmentation signatures examine the fragments of a packet for suspicious activity. Bad IP packets focus on invalid or crafted packets.
1001-IP Options-Record Packet Route: This signature fires when an IP datagram is received with the IP option 7, Record Packet Route, set in the datagram.
1002-IP Options-Timestamp: This signature fires when an IP datagram is received with the IP option 4, Timestamp, set in the datagram.
1004-IP Options-Loose Source Route: This signature fires when an IP datagram is received with the IP option Loose Source Route (option 3) is set in the datagram.
1006-IP Options-Strict Source Route: This signature fires when an IP datagram is received with the IP option Strict Source Routing (option 2) is set in the datagram.
1100-IP Fragment Attack: This signature fires when IP datagrams are received with a offset value greater than 0 but less that 5 in the offset field.
1101-Unknown IP Protocol: This signature fires when an IP datagram is received with the protocol field set to 134 or greater.
1102-Impossible IP Packet: This signature fires when an IP packet arrives with source equal to destination address.
1103-IP Fragments Overlap: This signature is...
