D-Link DVX 1000 Product Manual - Page 85
Limited Broadcast, Port Scanning, Broadcast Echo Protection, Source routed packets, TCP SYN cookie
![]() |
UPC - 790069286056
View all D-Link DVX 1000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 85 highlights
Appendix A - Appendix Limited Broadcast The limited broadcast is blocked. Port Scanning For disallowing an intruder from obtaining information on the ports opened on the system. Port scanning is blocked and is implemented by using ScanD chain. Broadcast Echo Protection The system is protected against broadcast echo requests, since an attacker may try to create a denial of service attack on subnets by sending many broadcast echo requests to which all systems will respond. This also provides information on systems that are available on the network. The system blocks ICMP Echo broadcast requests. Source routed packets Source routed packets are blocked on all the available interfaces. TCP SYN cookie protection A SYN Attack is a denial of service (DoS) attack that consumes all the resources on your machine, forcing you to reboot. Denial of service attacks -attacks which incapacitate a server due to high traffic volume or ones that tie-up system resources enough that the server cannot respond to a legitimate connection request from a remote system) are easily achievable from internal resources or external connections via extranets and Internet. The system is protected against TCP SYN attacks. ICMP Redirect Acceptance An ICMP Redirect tells the recipient system to over-ride something in its routing table. It is legitimately used by routers to tell hosts that the host is using a non-optimal or defunct route to a particular destination, i.e. the host is sending it to the wrong router. The wrong router sends the host back an ICMP Redirect packet that tells the host what the correct route should be. If the attacker can forge ICMP Redirect packets, and if the target host pays attention to them, the attacker can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow via a path the network manager didn't intend. ICMP Redirects are also employed for denial of service attacks, where a host is sent a route that loses it connectivity. For protecting against this, the ICMP redirect is not accepted. D-Link DVX-1000 User Manual 85
![](/manual_guide/products/dlink-dvx-1000-product-manual-025c8ee/85.png)