The IP standard RFC 791 specifies a set of options to provide
special routing controls, diagnostic tools, and security.
These options appear after the destination address in an IP packet
header. When they do appear, they are frequently being put to
some nefarious use. Timestamp is one of these options that an
attacker can use for reconnaissance or for some unknown but
suspicious purpose
When timestamp IP option is received, the security device
flags this as an network reconnaissance attack and records
the event for the ingress interface.
This attribute records the detection of IP timestamp option
packets.