Configuring the DSL Router

Security

The DSL router offers security via the following:

• IP Filtering - Can be enabled or disabled.

• Land Bug/Smurf Attack Prevention - Always present.

IP Filtering

NOTE:

All Hotwire DSL Router filters are configured on the Hotwire DSL card.

By default, filtering is disabled on the Hotwire DSL card for the DSL router.

If enabled, filtering provides security advantages on LANs by restricting traffic on the network and hosts based on the IP source and/or destination addresses.

IP packets can be filtered based on:

• Destination IP Address

• IP Protocol Type

• Source and Destination Port Number (if applicable)

• Source IP Address

• TCP Filter (prevents the receipt of downstream TCP connect requests)

NOTE:

If the Source IP Address filter is enabled on the Hotwire card and an IP address is assigned to the DSL interface, there must also be an entry configured in the Hotwire Client Table for the DSL interface's IP address.

For more information about IP filtering, see the Hotwire MVL, RADSL, IDSL, and SDSL Cards, Models 8310/8312, 8510/8373/8374, 8303/8304, and 8343/8344, User's Guide.

Land Bug/Smurf Attack Prevention

Land Bug and Smurf Attack prevention are enhanced firewall features provided by the DSL Router:

• Land Bug - The DSL router drops all packets received on its DSL interface or Ethernet interface when the source IP address is the same as the destination IP address. This prevents the device from being kept busy by constantly responding to itself.

• Smurf Attack - The DSL Router will not forward directed broadcasts on its DSL and Ethernet interfaces, nor will it send an ICMP echo reply to the broadcast address. This ensures that a legitimate user will be able to use the network connection even if ICMP echo/reply (smurf) packets are sent to the broadcast address.
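
The two rules above, written out as a packet decision function. This is an added example, not Paradyne's code or router firmware. The attached subnets, the Packet type, and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed (hypothetical) subnets on the router's Ethernet and DSL sides.
ATTACHED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/26")]
ICMP = 1                 # IP protocol number for ICMP
ICMP_ECHO_REQUEST = 8    # ICMP type for echo request

@dataclass
class Packet:
    src: str
    dst: str
    proto: int            # IP protocol number
    icmp_type: int = -1   # only meaningful when proto == ICMP

def is_broadcast(dst):
    """True for the limited broadcast or the directed broadcast of an attached subnet."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    # The broadcast address depends on the prefix length: for a /26 it is .63, not .255.
    return any(addr == net.broadcast_address for net in ATTACHED_NETS)

def decide(pkt):
    """Return (action, reason) for one received packet."""
    # Land Bug rule: source address equal to destination address is always dropped.
    if ipaddress.ip_address(pkt.src) == ipaddress.ip_address(pkt.dst):
        return ("drop", "land: source equals destination")
    # Smurf rule: broadcasts are not forwarded and echo requests to them get no reply.
    if is_broadcast(pkt.dst):
        if pkt.proto == ICMP and pkt.icmp_type == ICMP_ECHO_REQUEST:
            return ("drop", "smurf: echo request to broadcast, no reply sent")
        return ("no-forward", "directed broadcast is not forwarded")
    return ("forward", "ok")

# Constructed sample packets (documentation address ranges, not captured traffic).
SAMPLES = [
    Packet("192.0.2.10", "192.0.2.10", 6),            # land-style TCP packet
    Packet("203.0.113.5", "198.51.100.63", ICMP, 8),  # echo request to /26 broadcast
    Packet("203.0.113.5", "192.0.2.255", 17),         # UDP to directed broadcast
    Packet("192.0.2.10", "192.0.2.20", ICMP, 8),      # ordinary unicast ping
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src, "->", p.dst, decide(p))
```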

6371-A2-GB20-10

August 2000
