beautypg.com

Ethernet type filtering, Land bug/smurf attack prevention – Paradyne Hotwire 6342 User Manual

Page 33

background image

3. Configuring the DSL Router

6371-A2-GB20-20

May 2001

3-11

Ethernet Type Filtering

Ethernet Type filtering (Ethertype) does not apply when the DSL router is in
router-only mode. By default, Ethertype filtering is disabled on the Hotwire DSL
card for the DSL router. If enabled, separate Ethertype filters are applied to the
Ethernet and/or DSL interface with one filter per interface direction. There is a
maximum of 16 rules per list. Each rule access list allows filtering of a single
Ethertype or a range of Ethertypes.

MAC frames can be filtered based on the:

T

SNAP Ethernet field in the 802.3 header.

T

Protocol type field in the DIX Ethernet header.

For Ethertype filters, the rules are applied in the order in which they were
configured. For additional information about Ethertype filters, refer to the

Hotwire

MVL, ReachDSL/MVL, RADSL, IDSL, and SDSL Cards, Models 8310, 8312/8314,
8510/8373/8374, 8303/8304, and 8343/8344, User's Guide

.

Land Bug/Smurf Attack Prevention

Land Bug and Smurf Attack prevention are enhanced firewall features provided
by the router.

T

Land Bug – The router drops all packets received on its DSL or Ethernet
interface when the source IP address is the same as the destination IP
address. This prevents the device from being kept busy by constantly
responding to itself.

T

Smurf Attack – The router does not forward directed broadcasts on its DSL
and Ethernet interfaces, or send an ICMP echo reply to the broadcast
address. This ensures that a legitimate user will be able to use the network
connection even if ICMP echo/reply (smurf) packets are sent to the broadcast
address.

This manual is related to the following products: