Other Security Features
Page 42 7705 SAR OS System Management Guide
When using SCP to copy files from an external device to the file system, the 7705 SAR SCP
server will accept either forward slash (“/”) or backslash (“\”) characters to delimit directory
and/or filenames. Similarly, the 7705 SAR SCP client application can use either slash or
backslash characters, but not all SCP clients treat backslash characters as equivalent to slash
characters. In particular, UNIX systems will often interpret the backslash character as an
“escape” character, which does not get transmitted to the 7705 SAR SCP server. For
example, a destination directory specified as “cf3:\dir1\file1” will be transmitted to the
7705 SAR SCP server as “cf3:dir1file1” where the backslash escape characters are stripped
by the SCP client system before transmission. On systems where the client treats the
backslash like an “escape” character, a double backslash “\\” or the forward slash “/” can
typically be used to properly delimit directories and the filename.
CSM Filters and CSM Security
In previous releases of the 7705 SAR, all traffic received by the router was destined for the
router itself. All received IP packets were extracted to the CSM for processing. Rather than
using CSM filters, basic IP filters were used to protect the control plane from DoS attacks,
unauthorized access to the node, and similar security breaches.
In Release 2.0, with the introduction of IP forwarding, IP filters applied to network
interfaces have been enhanced, and CSM filters have been introduced that apply to IP
packets extracted to the control plane.
IP filters scan all traffic and take the appropriate (configured) action against matching
packets. Packets that are not filtered by the IP filters and are destined for the SAR are
scanned by the configured CSM filter.
For information on IP filters, refer to the 7705 SAR OS Router Configuration Guide.
CSM filters drop or accept incoming packets based on the following match criteria:
• DSCP name
• destination IP address
• destination port
• fragmentation
•ICMP code
•ICMP type
• IP option value
Note: Although the Control and Switching module on the 7705 SAR is called a CSM, the
CSM filters are referred to as CPM filters in the CLI in order to maintain consistency with
other SR routers.
To Next Page
Loading...
