Firewall Feature Description - D-Link DVX-1000 User Manual

Appendix A - Appendix
• Disallowing connections to SOCKS, X-Windows, Open-Windows & NFS ports
• Support for enabling Telnet/SSH/FTP/HTTP/HTTPS Servers
• Support for enabling NTP Client
• Refusing packets from machine claiming to have external IP address
• Refusing packets from machine having private class-A/B/C addresses
• Refusing packets having source IP address as loop back address
• Refusing malformed broadcast packets
• Refusing packets having source IP address as multicast IP Addresses
• Refusing packets having class E addresses

Firewall Feature Description

The following section discusses firewall features that the DVX-1000 offers:
Malicious DHCP Server/DHCP Server Spoofing Attack
This attack can happen only when DHCP Client is enabled. DHCP Client can be enabled or disabled selectively
Before learning the DHCP Server's IP Address, all the DHCP offers are accepted by the DHCP Client. Once the DHCP
Client learns the DHCP Server's IP Address, firewall updates the rules with DHCP Server's IP Address to allow DHCP
traffic from the specific DHCP Server.
SIP Packets
SIP packets' reception/transmission can be allowed or disallowed selectively.
RTP/RTCP Packets
RTP/RTCP packets' reception/transmission can be allowed or blocked.
Directed Broadcast
A traditional IP network has two "special" members, the subnet and network addresses. In many configurations, pinging
either IP gives the same result as pinging every IP in the network; namely, every machine replies.
Traditionally, this was used to see which devices were up or down on a network. More recently, it's used to attack other
users across the Internet. Since one ping (ICMP echo request) generates many echo replies, attackers simply pretend
the ping is coming from the victim's computer. For every fake ("spoofed") ping they send, the victim is flooded with many
replies. The directed broadcast is blocked by default.
D-Link DVX-1000 User Manual