Firewall Feature Description - D-Link DVX-1000 User Manual

Network telephone exchange

22.2.2 Firewall Feature Description

This section describes the firewall features that the DVX-1000 offers.
22.2.2.1 Malicious DHCP Server/DHCP Server Spoofing Attack
This attack can happen only when the DHCP Client is enabled. The DHCP Client can
be enabled or disabled selectively.
Before the DHCP Client learns the DHCP Server's IP address, it accepts all DHCP
offers. Once the DHCP Client learns the DHCP Server's IP address, the firewall
updates its rules with that address to allow DHCP traffic from that specific
DHCP Server.
22.2.2.2 SIP Packets
Reception and transmission of SIP packets can be allowed or disallowed selectively.
22.2.2.3 RTP/RTCP Packets
Reception and transmission of RTP/RTCP packets can be allowed or blocked.
22.2.2.4 Directed Broadcast
A traditional IP network has two "special" members, the subnet and network
addresses. In many configurations, pinging either address gives the same result
as pinging every IP in the network; namely, every machine replies.
Traditionally, this was used to see which devices were up or down on a network.
More recently, it has been used to attack other users across the Internet. Since
one ping (ICMP echo request) generates many echo replies, attackers forge the
source address so that the ping appears to come from the victim's computer. For
every fake ("spoofed") ping they send, the victim is flooded with many replies.
The directed broadcast is blocked by default.
22.2.2.5 Limited Broadcast
The limited broadcast is blocked.
22.2.2.6 Port Scanning
To prevent an intruder from obtaining information on the ports open on the
system, port scanning is blocked. This is implemented using the ScanD chain.
22.2.2.7 Broadcast Echo Protection
The system is protected against broadcast echo requests, since an attacker may
try to create a denial of service attack on subnets by sending many broadcast
echo requests to which all systems will respond. This also provides information on
systems that are available on the network. The system blocks ICMP Echo
broadcast requests.
22.2.2.8 Source routed packets
Source routed packets are blocked on all the available interfaces.
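
Added example (not taken from the D-Link manual or the DVX-1000 firmware): a Python sketch of the drop decisions described in 22.2.2.4, 22.2.2.5, 22.2.2.7 and 22.2.2.8, applied to a raw IPv4 packet. The function names, the verdict strings, the malformed-packet check and the local subnet argument are assumptions made for illustration; the DHCP exception from 22.2.2.1 is not modelled.

```python
import ipaddress

SOURCE_ROUTE_OPTIONS = {0x83, 0x89}   # LSRR and SSRR option types (RFC 791)
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def has_source_route(options: bytes) -> bool:
    """Walk the IPv4 options area looking for a source-route option."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if opt in SOURCE_ROUTE_OPTIONS:
            return True
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                         # malformed length: stop parsing
        i += options[i + 1]
    return False

def verdict(packet: bytes, local_net: ipaddress.IPv4Network) -> str:
    """Return 'ACCEPT' or 'DROP:<reason>' (hypothetical labels) for one packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return "DROP:malformed"
    dst = ipaddress.IPv4Address(packet[16:20])
    if has_source_route(packet[20:ihl]):
        return "DROP:source-routed"
    directed = dst in (local_net.network_address, local_net.broadcast_address)
    # Protocol 1 is ICMP; type 8 (first byte after the IP header) is Echo Request.
    is_echo = packet[9] == 1 and len(packet) > ihl and packet[ihl] == 8
    if is_echo and (directed or dst == LIMITED_BROADCAST):
        return "DROP:broadcast-echo"
    if dst == LIMITED_BROADCAST:
        return "DROP:limited-broadcast"
    return "DROP:directed-broadcast" if directed else "ACCEPT"

def sample_packet(dst: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum left zero) for testing."""
    ihl_words = 5 + len(options) // 4     # options must be padded to 4 bytes
    header = bytes([0x40 | ihl_words, 0]) + (ihl_words * 4 + len(payload)).to_bytes(2, "big")
    header += bytes([0, 0, 0, 0, 64, proto, 0, 0])   # id, flags, TTL, proto, checksum
    header += ipaddress.IPv4Address("198.51.100.7").packed + ipaddress.IPv4Address(dst).packed
    return header + options + payload
```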