Security, IP Filtering, Land Bug/Smurf Attack Prevention – Paradyne Hotwire Routers User Manual
Configuring the DSL Router
3-9
6371-A2-GB20-10
August 2000
Security
The DSL router offers security via the following:
- IP Filtering – Can be enabled or disabled.
- Land Bug/Smurf Attack Prevention – Always present.
IP Filtering
NOTE:
All Hotwire DSL Router filters are configured on the Hotwire DSL card.
By default, filtering is disabled on the Hotwire DSL card for the DSL router.
If enabled, filtering provides security advantages on LANs by restricting traffic on
the network and hosts based on the IP source and/or destination addresses.
IP packets can be filtered based on:
- Destination IP Address
- IP Protocol Type
- Source and Destination Port Number (if applicable)
- Source IP Address
- TCP Filter (prevents the receipt of downstream TCP connect requests)
NOTE:
If the Source IP Address filter is enabled on the Hotwire card and an
IP address is assigned to the DSL interface, there must also be an entry
configured in the Hotwire Client Table for the DSL interface’s IP address.
For more information about IP filtering, see the Hotwire MVL, RADSL, IDSL, and
SDSL Cards, Models 8310/8312, 8510/8373/8374, 8303/8304, and 8343/8344,
User’s Guide.
Land Bug/Smurf Attack Prevention
Land Bug and Smurf Attack prevention are enhanced firewall features provided
by the DSL Router:
- Land Bug – The DSL router drops all packets received on its DSL interface
  or Ethernet interface when the source IP address is the same as the
  destination IP address. This prevents the device from being kept busy by
  constantly responding to itself.
- Smurf Attack – The DSL Router will not forward directed broadcasts on its
  DSL and Ethernet interfaces, nor will it send an ICMP echo reply to the
  broadcast address. This ensures that a legitimate user will be able to use the
  network connection even if ICMP echo/reply (smurf) packets are sent to the
  broadcast address.