Firewall Feature Description - D-Link DVX-1000 User Manual

Network telephone exchange

Refusing packets having source IP address as loop back address
Refusing malformed broadcast packets
Refusing packets having source IP address as multicast IP Addresses
Refusing packets having class E addresses

21.2.2 Firewall Feature Description

The following section discusses call features that the D-Link Voice Solution offers.
21.2.2.1 Malicious DHCP Server/DHCP Server Spoofing Attack
This attack can happen only when the DHCP Client is enabled. The DHCP Client can be
enabled or disabled selectively.
Before the DHCP Client learns the DHCP Server's IP address, it accepts all DHCP
offers. Once the DHCP Client learns the DHCP Server's IP address, the firewall
updates its rules with that address to allow DHCP traffic from the
specific DHCP Server.
21.2.2.2 SIP Packets
SIP packets' reception/transmission can be allowed or disallowed selectively.
21.2.2.3 RTP/RTCP Packets
RTP/RTCP packets' reception/transmission can be allowed or blocked.
21.2.2.4 Directed Broadcast
A traditional IP network has two "special" members, the subnet and network
addresses. In many configurations, pinging either IP gives the same result as pinging
every IP in the network; namely, every machine replies.
Traditionally, this was used to see which devices were up or down on a network.
More recently, it's used to attack other users across the Internet. Since one ping
(ICMP echo request) generates many echo replies, attackers simply pretend the ping
is coming from the victim's computer. For every fake ("spoofed") ping they send, the
victim is flooded with many replies.
The directed broadcast is blocked by default.
21.2.2.5 Limited Broadcast
The limited broadcast is blocked.
21.2.2.6 Port Scanning
To prevent an intruder from obtaining information on the ports open on the
system, port scanning is blocked. This is implemented using the ScanD chain.
21.2.2.7 Broadcast Echo Protection
The system is protected against broadcast echo requests, since an attacker may try
to create a denial of service attack on subnets by sending many broadcast echo
requests to which all systems will respond. This also provides information on systems
that are available on the network. The system blocks ICMP Echo broadcast requests.
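The address checks described above (loopback, multicast and class E addresses, directed and limited broadcast, broadcast echo requests) can be modelled as one classification function. This is an added example, not code from the D-Link manual or firmware. The 192.168.1.0/24 network, the name check_packet and the sample addresses are assumptions; class E is checked on both source and destination, and protocol exceptions such as DHCP are left out.

```python
import ipaddress

# Constructed value: the LAN the device sits on is assumed to be 192.168.1.0/24.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
CLASS_E = ipaddress.ip_network("240.0.0.0/4")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def check_packet(src, dst, icmp_echo_request=False, local_net=LOCAL_NET):
    """Return (verdict, reason) for one IPv4 packet (hypothetical helper)."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)

    # Source-address sanity checks from the list of refused packets.
    if s.is_loopback:
        return "refuse", "source is a loopback address"
    if s.is_multicast:
        return "refuse", "source is a multicast address"

    # Broadcast checks come before class E, because 255.255.255.255
    # itself falls inside 240.0.0.0/4.
    is_directed = d in (local_net.network_address, local_net.broadcast_address)
    is_limited = d == LIMITED_BROADCAST
    if is_directed or is_limited:
        kind = "directed" if is_directed else "limited"
        if icmp_echo_request:
            return "refuse", f"ICMP echo request to {kind} broadcast"
        return "refuse", f"{kind} broadcast"

    if s in CLASS_E or d in CLASS_E:
        return "refuse", "class E address"
    return "accept", "passed address checks"


# Constructed sample packets: (source, destination, is ICMP echo request).
SAMPLES = [
    ("127.0.0.1", "192.168.1.10", False),
    ("224.0.0.5", "192.168.1.10", False),
    ("10.0.0.7", "192.168.1.255", True),
    ("10.0.0.7", "255.255.255.255", False),
    ("240.0.0.1", "192.168.1.10", False),
    ("192.168.1.20", "192.168.1.10", False),
]

if __name__ == "__main__":
    for src, dst, echo in SAMPLES:
        verdict, reason = check_packet(src, dst, echo)
        print(f"{src:>15} -> {dst:<15} {verdict:7} {reason}")
```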
D-Link Confidential