Chapter 10 Firewall
LTE7410 User’s Guide
68
RFC 4890 SPEC Traffic
RFC 4890 specifies the filtering policies for ICMPv6 messages. This is important for protecting
against security threats including DoS, probing, redirection attacks and renumbering attacks that
can be carried out through ICMPv6. Since ICMPv6 error messages are critical for establishing and
maintaining communications, filtering policy focuses on ICMPv6 informational messages.
Anti-Probing
If an outside user attempts to probe an unsupported port on your LTE Device, an ICMP response
packet is automatically returned. This allows the outside user to know the LTE Device exists. The
LTE Device supports anti-probing, which prevents the ICMP response packet from being sent. This
keeps outsiders from discovering your LTE Device when unsupported ports are probed.
ICMP
Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams,
but the messages are processed by the TCP/IP software and directly apparent to the application
user.
DoS Thresholds
For DoS attacks, the LTE Device uses thresholds to determine when to drop sessions that do not
become fully established. These thresholds apply globally to all sessions. You can use the default
threshold values, or you can change them to values more suitable to your security requirements.
10.2 Firewall General Screen
Use this screen to select the firewall protection level on the LTE Device. Click Security > Firewall
> General to display the following screen.
Figure 49 Security > Firewall > General
To Next Page
Loading...
