UM024502-1012

ZGATE Embedded Security Development Kit User Manual, page 23

ZGATE Packet Filtering

ZGATE is designed to protect networked devices from unwanted and potentially malicious packets by filtering incoming packets before they are processed by ZTP. The ZGATE packet filtering criteria are initially determined by the ZTP application developer when the project is created. At the discretion of the application developer, these ZGATE filtering criteria can also be modified at run time by including the sample set of ZGATE shell commands, the sample ZGATE configuration website, or other utilities created by the application developer using the ZGATE API.

ZGATE supports static filtering and Stateful Packet Inspection (SPI) filtering. Threshold
filtering is also provided in select ZGATE builds.

ZGATE augments the ZTP stack with a packet filter to control which packets are processed by ZTP. Static filtering blocks packets based on TCP/UDP port number, IP address, IP protocol, Ethernet MAC address, or Ethernet frame type.

SPI maintains information about the state of each connection and uses that information to make filtering decisions. This state tracking allows ZGATE to block packets with improper state information (such as TCP SYN flood attacks) and supports dynamic port allocation protocols.

Threshold-based filtering monitors for surges in traffic from a specific IP address and protects against Denial of Service (DoS) attacks and packet floods.
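The per-source counting that threshold filtering relies on can be illustrated with a small fixed-window rate limiter. The block below is an added example written for this page, not ZGATE code: the th_* names, the 1-second window, the 100-packet threshold and the 16-entry source table are all assumptions chosen for illustration, and timestamps are supplied by the caller in milliseconds so the example runs offline.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added example (hypothetical th_* API, not ZGATE's): threshold filtering as a
 * per-source-IP packet counter over a fixed time window. */

#define TH_MAX_SOURCES 16      /* assumed table size */
#define TH_WINDOW_MS   1000u   /* assumed window length */
#define TH_MAX_PKTS    100u    /* assumed packets allowed per source per window */

typedef struct {
    uint32_t ip;            /* source IPv4 address, host byte order */
    uint32_t window_start;  /* ms timestamp at which the current window began */
    uint32_t count;         /* packets seen from this source in the window */
    bool     used;
} th_entry_t;

typedef struct {
    th_entry_t src[TH_MAX_SOURCES];
    uint32_t   blocked;     /* total packets blocked (stands in for the log) */
} th_filter_t;

void th_init(th_filter_t *f) { memset(f, 0, sizeof *f); }

/* Find the slot tracking ip; if none exists, take a free slot or recycle the
 * slot whose window started longest ago. A recycled slot starts a fresh window. */
static th_entry_t *th_slot(th_filter_t *f, uint32_t ip, uint32_t now_ms)
{
    th_entry_t *victim = &f->src[0];
    for (unsigned i = 0; i < TH_MAX_SOURCES; i++) {
        th_entry_t *e = &f->src[i];
        if (e->used && e->ip == ip) return e;
        if (!e->used) { victim = e; break; }
        if (e->window_start < victim->window_start) victim = e;
    }
    victim->used = true;
    victim->ip = ip;
    victim->window_start = now_ms;
    victim->count = 0;
    return victim;
}

/* Returns true when the packet should be blocked because its source has already
 * sent TH_MAX_PKTS packets inside the current TH_WINDOW_MS window. */
bool th_check(th_filter_t *f, uint32_t src_ip, uint32_t now_ms)
{
    th_entry_t *e = th_slot(f, src_ip, now_ms);
    if (now_ms - e->window_start >= TH_WINDOW_MS) {  /* window expired: reset */
        e->window_start = now_ms;
        e->count = 0;
    }
    if (++e->count > TH_MAX_PKTS) {
        f->blocked++;
        return true;
    }
    return false;
}

/* Feed n packets from src_ip all stamped now_ms; returns how many were blocked. */
unsigned th_burst(th_filter_t *f, uint32_t src_ip, unsigned n, uint32_t now_ms)
{
    unsigned dropped = 0;
    for (unsigned i = 0; i < n; i++)
        if (th_check(f, src_ip, now_ms)) dropped++;
    return dropped;
}

int main(void)
{
    th_filter_t f;
    th_init(&f);
    /* Constructed traffic: 105 packets in one burst from 192.168.1.100 (0xC0A80164). */
    th_burst(&f, 0xC0A80164u, 105, 0);      /* the last 5 are blocked */
    th_burst(&f, 0xC0A80164u, 1, 1000);     /* a new window: passes again */
    return (int)f.blocked;                  /* 5 */
}
```

A fixed window is the simplest scheme and lets a source send up to twice the threshold across a window boundary; a sliding window or token bucket tightens that at the cost of a little more state per source, which matters on a device with the limited RAM of an embedded target.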

ZGATE can optionally be configured to log events to a file or to the ZTP console. When
logging is enabled, a log entry will be created each time a packet is blocked.

Static Filtering

Static filtering functions by examining each packet and determining if the packet should be blocked based on the information in that packet. Static filtering can be based on a variety of criteria including:

Ethernet Address. Blocks packets based on the sender's Ethernet MAC address.

Ethernet Frame Type. Blocks packets based on the Ethernet frame type.

Port Number. Blocks packets based on the target TCP or UDP port number.

IP Address. Blocks packets based on source IP address.

IP Protocol. Blocks packets based on the IP protocol.

ZGATE provides whitelist or blacklist filtering for each static filtering criterion independently. For example, Ethernet MAC addresses can be configured for blacklist filtering
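To make the five criteria and the per-criterion whitelist/blacklist choice concrete, here is an added example written for this page; it is not ZGATE or ZTP code and the zg_* names, the eight-entry list size, the check order and the sample policy are all assumptions. Each criterion holds its own list and mode, a blacklist blocks listed values, a whitelist blocks everything not listed, and every blocked packet is counted and optionally printed, mirroring the optional blocked-packet log the manual describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical zg_* API, not ZGATE's): a static packet filter
 * applying the five criteria above, each in its own whitelist or blacklist mode. */

#define ZG_MAX_ENTRIES 8       /* assumed list size */
#define ZG_PROTO_TCP   6
#define ZG_PROTO_UDP   17

typedef enum { ZG_BLACKLIST = 0, ZG_WHITELIST = 1 } zg_mode_t;

typedef struct {
    zg_mode_t mode;
    unsigned  count;
    uint64_t  entries[ZG_MAX_ENTRIES]; /* wide enough for a 48-bit MAC */
} zg_list_t;

typedef struct {
    zg_list_t mac;        /* sender Ethernet MAC address */
    zg_list_t frame_type; /* Ethernet frame type (EtherType) */
    zg_list_t ip;         /* source IPv4 address */
    zg_list_t proto;      /* IP protocol number */
    zg_list_t port;       /* target TCP/UDP port */
    bool      logging;    /* print a line for each blocked packet */
    unsigned  blocked;    /* packets blocked so far */
} zg_filter_t;

typedef struct {                /* the already-parsed fields a filter needs */
    uint64_t src_mac;
    uint16_t ether_type;
    uint32_t src_ip;
    uint8_t  ip_proto;
    uint16_t dst_port;          /* meaningful only for TCP and UDP */
} zg_pkt_t;

bool zg_list_add(zg_list_t *l, uint64_t v)
{
    if (l->count >= ZG_MAX_ENTRIES) return false;
    l->entries[l->count++] = v;
    return true;
}

static bool zg_list_has(const zg_list_t *l, uint64_t v)
{
    for (unsigned i = 0; i < l->count; i++)
        if (l->entries[i] == v) return true;
    return false;
}

/* Blacklist: block listed values. Whitelist: block everything not listed.
 * Note the asymmetry: an empty blacklist blocks nothing, an empty whitelist
 * blocks every packet the criterion is applied to. */
static bool zg_blocks(const zg_list_t *l, uint64_t v)
{
    bool listed = zg_list_has(l, v);
    return l->mode == ZG_BLACKLIST ? listed : !listed;
}

/* Returns NULL when the packet may pass, otherwise the name of the criterion
 * that blocked it. Checks run from link layer to transport layer, and the IP
 * and port criteria are only applied to frames that actually carry IPv4. */
const char *zg_static_filter(zg_filter_t *f, const zg_pkt_t *p)
{
    const char *why = NULL;
    if (zg_blocks(&f->mac, p->src_mac))                 why = "mac";
    else if (zg_blocks(&f->frame_type, p->ether_type))  why = "frame_type";
    else if (p->ether_type == 0x0800) {                 /* IPv4 */
        if (zg_blocks(&f->ip, p->src_ip))               why = "ip";
        else if (zg_blocks(&f->proto, p->ip_proto))     why = "proto";
        else if ((p->ip_proto == ZG_PROTO_TCP || p->ip_proto == ZG_PROTO_UDP)
                 && zg_blocks(&f->port, p->dst_port))   why = "port";
    }
    if (why) {
        f->blocked++;
        if (f->logging)
            printf("blocked frame from %012llx: %s\n",
                   (unsigned long long)p->src_mac, why);
    }
    return why;
}

/* Constructed sample policy: whitelist only IPv4 and ARP frames; blacklist one
 * MAC, one source IP, ICMP, and TCP/UDP traffic to port 23. */
void zg_demo_policy(zg_filter_t *f)
{
    memset(f, 0, sizeof *f);               /* every list starts as an empty blacklist */
    f->logging = true;
    zg_list_add(&f->mac, 0x0011223344AAULL);
    f->frame_type.mode = ZG_WHITELIST;
    zg_list_add(&f->frame_type, 0x0800);   /* IPv4 */
    zg_list_add(&f->frame_type, 0x0806);   /* ARP */
    zg_list_add(&f->ip, 0xC0A80164u);      /* 192.168.1.100 */
    zg_list_add(&f->proto, 1);             /* ICMP */
    zg_list_add(&f->port, 23);             /* telnet */
}

int main(void)
{
    zg_filter_t f;
    zg_demo_policy(&f);
    zg_pkt_t telnet = { 0x001122334455ULL, 0x0800, 0xC0A80101u, ZG_PROTO_TCP, 23 };
    zg_pkt_t http   = { 0x001122334455ULL, 0x0800, 0xC0A80101u, ZG_PROTO_TCP, 80 };
    zg_static_filter(&f, &telnet);         /* logged and counted */
    zg_static_filter(&f, &http);           /* passes */
    printf("blocked %u of 2 packets\n", f.blocked);
    return 0;
}
```

The whitelist/blacklist asymmetry in zg_blocks is the point worth checking in any real configuration: switching a criterion to whitelist mode before its list is populated silently blocks all traffic that criterion covers, which is why the frame-type whitelist here is filled in the same step that selects the mode.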