Ethernet type filtering, Land bug/smurf attack prevention – Paradyne Hotwire 6342 User Manual
3. Configuring the DSL Router
6371-A2-GB20-20
May 2001
Ethernet Type Filtering
Ethernet Type filtering (Ethertype) does not apply when the DSL router is in
router-only mode. By default, Ethertype filtering is disabled on the Hotwire DSL
card for the DSL router. If enabled, separate Ethertype filters are applied to the
Ethernet and/or DSL interface with one filter per interface direction. There is a
maximum of 16 rules per list. Each rule in the access list allows filtering of a single
Ethertype or a range of Ethertypes.
MAC frames can be filtered based on the:
- SNAP Ethernet field in the 802.3 header.
- Protocol type field in the DIX Ethernet header.
For Ethertype filters, the rules are applied in the order in which they were
configured. For additional information about Ethertype filters, refer to the
.
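The following is an added sketch, not taken from the manual or from the router's firmware, of how a filter of this kind can locate the Ethertype in both frame formats and evaluate an ordered rule list. First-match-wins evaluation, the default action, the rule tuple layout and all function names are assumptions; the frames are constructed samples.

```python
import struct

MAX_RULES = 16                 # the manual's limit of rules per list
SNAP_LLC = b"\xaa\xaa\x03"     # DSAP, SSAP, control bytes that introduce a SNAP header

def frame_ethertype(frame: bytes):
    """Return the Ethertype of a MAC frame, or None if it carries none."""
    if len(frame) < 14:
        return None
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:  # DIX header: this field is the protocol type
        return type_or_len
    # 802.3 header: the field is a length, so the type (if any) sits in the
    # SNAP header after the 3-byte LLC and 3-byte OUI (OUI not checked here).
    if len(frame) >= 22 and frame[14:17] == SNAP_LLC:
        return struct.unpack("!H", frame[20:22])[0]
    return None

def apply_filter(rules, frame, default="forward"):
    """rules: (action, low, high) tuples in configured order.
    Assumption: the first matching rule decides; otherwise `default`."""
    if len(rules) > MAX_RULES:
        raise ValueError("a filter list holds at most 16 rules")
    etype = frame_ethertype(frame)
    if etype is not None:
        for action, low, high in rules:
            if low <= etype <= high:
                return action
    return default

# Constructed sample frames (not captured traffic).
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
DIX_IPV4 = DST + SRC + b"\x08\x00" + bytes(46)
SNAP_IPX = (DST + SRC + struct.pack("!H", 46) + SNAP_LLC
            + b"\x00\x00\x00" + b"\x81\x37" + bytes(38))
LLC_ONLY = DST + SRC + struct.pack("!H", 3) + b"\x42\x42\x03"

# Constructed rule list: pass IPv4 and ARP, drop every other Ethertype.
RULES = [("forward", 0x0800, 0x0800),
         ("forward", 0x0806, 0x0806),
         ("drop",    0x0600, 0xFFFF)]

if __name__ == "__main__":
    for name, f in [("DIX IPv4", DIX_IPV4), ("SNAP IPX", SNAP_IPX),
                    ("LLC only", LLC_ONLY)]:
        print(name, frame_ethertype(f), apply_filter(RULES, f))
```

Under the first-match assumption, reversing `RULES` puts the catch-all range first and IPv4 is dropped, which is why the configured order matters when a range overlaps a single-Ethertype rule.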
Land Bug/Smurf Attack Prevention
Land Bug and Smurf Attack prevention are enhanced firewall features provided
by the router.
- Land Bug – The router drops all packets received on its DSL or Ethernet
  interface when the source IP address is the same as the destination IP
  address. This prevents the device from being kept busy by constantly
  responding to itself.
- Smurf Attack – The router does not forward directed broadcasts on its DSL
  and Ethernet interfaces, or send an ICMP echo reply to the broadcast
  address. This ensures that a legitimate user will be able to use the network
  connection even if ICMP echo/reply (smurf) packets are sent to the broadcast
  address.