Product specifications

Dialogic® BorderNet™ 4000 SBC Product Description Document
Fragmented IP Consistency Checks
Valid IP packet fragmentation, transmission, and reassembly are supported as per RFC 791.
Each fragmented packet is checked to ensure validity. The BorderNet 4000 SBC drops any
IP packet that fails one of the following consistency checks:
Fragment length overflow: the reassembled packet length (header plus data) is larger
than 65,535 octets
Fragment is too small: the first fragment is smaller than the 160-byte minimum
Overlapping fragments: a fragment's data overlaps data already received for the same datagram
Maximum number of fragments exceeded: a datagram arrives in more than 70 fragments
Protocol Consistency Checks
IP protocol standards define header constraints that can be used to detect and filter
non-conforming or malicious packets. The BorderNet 4000 SBC validates every incoming
packet against the following rules:
TCP/UDP Protocol
o Drops packets whose TCP header is split across IP fragments
o Drops packets if the source or destination port equals zero (reserved value)
ICMP Protocol
o Verifies the minimum packet length according to ICMP type
o Drops ICMP packets whose reassembled length exceeds the fragment length overflow limit (65,535 octets)
Additionally, the BorderNet 4000 SBC detects and mitigates well-known TCP/IP attacks, including:
LAND attacks (packets whose source and destination addresses and ports are identical)
TCP XMAS/NULL/FIN scans (stealth port scans that use illegal TCP flag combinations)
TCP bad sequence (packets with invalid sequence numbers targeting orphaned open sessions)
Ping of Death attacks (malformed, oversized ICMP echo packets)
SYN flooding (floods of TCP SYN packets)
ICMP flooding (including floods sent to the network broadcast address)
"PEPSI" attacks (UDP floods against diagnostic ports)
"Rose" attacks (floods of initial fragments only, leaving reassembly incomplete)
"Tear Drop" attacks (overlapping IP fragments)
"Boink" attacks (fragment reassembly with inconsistent offsets and oversized fragments)
"Nestea" attacks (malformed IP fragments targeting Linux systems)
"Syndrop" attacks (overlapping TCP SYN fragments during reassembly)
"Jolt" attacks (incomplete ICMP fragments)
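The fragment consistency checks and the per-packet protocol checks described above, as an added example written for this page (not BorderNet code): a small Python inspector that parses IPv4 headers, tracks fragments per datagram, and returns the name of the first check a packet fails. It takes the three limits (65,535 reassembled octets, 160-byte first fragment, 70 fragments) from the text and assumes the 160-byte minimum is measured on the first fragment's total length; it implements the "fragmented TCP header" check with the RFC 1858 tiny-fragment rule (drop a TCP fragment at offset 8 or a first fragment too short for the header), and adds LAND and XMAS/NULL/FIN flag detection from the attack list. The check names, helper functions and sample packets are constructed for illustration.

```python
# Illustrative IPv4 fragment and TCP/UDP consistency checks (added example, not
# BorderNet code). Limits follow the text; check names and packets are assumed.
import struct
from collections import defaultdict
from typing import Optional

MAX_REASSEMBLED = 65535   # octets, IP header plus data (RFC 791 total-length limit)
MIN_FIRST_FRAGMENT = 160  # bytes; assumed to mean the first fragment's total length
MAX_FRAGMENTS = 70        # fragments accepted per datagram before it is dropped
MF, TCP, UDP = 0x2000, 6, 17                       # More Fragments bit, protocols
TCP_FIN, TCP_PSH, TCP_URG = 0x01, 0x08, 0x20

def parse_ipv4(pkt: bytes) -> dict:
    """IPv4 header fields needed by the checks (checksum not validated)."""
    vhl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vhl & 0x0F) * 4
    return {"ihl": ihl, "total_len": total_len, "id": ident, "proto": proto,
            "mf": bool(flags_off & MF), "offset": (flags_off & 0x1FFF) * 8,
            "src": src, "dst": dst, "payload": pkt[ihl:total_len]}

def check_fragment(h: dict, seen: dict) -> Optional[str]:
    """The four fragment checks; seen maps (src, dst, id, proto) -> [(start, end)]."""
    if not h["mf"] and h["offset"] == 0:
        return None                              # unfragmented: nothing to track
    start, end = h["offset"], h["offset"] + len(h["payload"])
    if start == 0 and h["total_len"] < MIN_FIRST_FRAGMENT:
        return "first fragment too small"
    if h["ihl"] + end > MAX_REASSEMBLED:         # reassembled header plus data
        return "fragment length overflow"
    frags = seen[(h["src"], h["dst"], h["id"], h["proto"])]
    if any(start < e and s < end for s, e in frags):
        return "overlapping fragments"
    if len(frags) + 1 > MAX_FRAGMENTS:
        return "too many fragments"
    frags.append((start, end))
    return None

def check_transport(h: dict) -> Optional[str]:
    """Per-packet TCP/UDP checks: split header, port zero, LAND, flag scans."""
    if h["proto"] not in (TCP, UDP):
        return None
    if h["offset"] != 0:   # RFC 1858 rule: a TCP fragment at offset 8 overlays the flags
        return "fragmented TCP header" if h["proto"] == TCP and h["offset"] == 8 else None
    payload, min_hdr = h["payload"], 20 if h["proto"] == TCP else 8
    if len(payload) < min_hdr:                   # first fragment must hold the header
        return "fragmented transport header"
    sport, dport = struct.unpack("!HH", payload[:4])
    if sport == 0 or dport == 0:
        return "reserved port zero"
    if h["src"] == h["dst"] and sport == dport:
        return "LAND"
    if h["proto"] == TCP:
        flags = payload[13] & 0x3F
        scans = {0: "NULL scan", TCP_FIN: "FIN scan", TCP_FIN | TCP_PSH | TCP_URG: "XMAS scan"}
        return scans.get(flags)
    return None

def classify(pkt: bytes, seen: dict) -> str:
    """Return 'accept' or the name of the first check the packet fails."""
    h = parse_ipv4(pkt)
    return check_fragment(h, seen) or check_transport(h) or "accept"

# Constructed sample traffic (not captured data); IP checksums left zero.
A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])

def ipv4(src, dst, proto, payload, ident=1, mf=False, offset=0) -> bytes:
    flags_off = (MF if mf else 0) | (offset // 8)  # offset field is in 8-octet units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, proto, 0, src, dst) + payload

def tcp(sport, dport, flags) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def udp(sport, dport, data_len) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + data_len, 0) + bytes(data_len)

def run_demo() -> dict:
    seen = defaultdict(list)
    out = {
        "syn": classify(ipv4(A, B, TCP, tcp(40000, 5060, 0x02)), seen),
        "port0": classify(ipv4(A, B, TCP, tcp(0, 5060, 0x02)), seen),
        "land": classify(ipv4(A, A, TCP, tcp(5060, 5060, 0x02)), seen),
        "xmas": classify(ipv4(A, B, TCP, tcp(40000, 5060, 0x29)), seen),
        "tiny_first": classify(ipv4(A, B, TCP, tcp(40000, 5060, 0x02), ident=2, mf=True), seen),
        "tcp_offset8": classify(ipv4(A, B, TCP, bytes(8), ident=3, offset=8), seen),
        "overflow": classify(ipv4(A, B, UDP, bytes(8), ident=4, offset=65528), seen),
    }
    classify(ipv4(A, B, UDP, udp(40000, 5060, 192), ident=5, mf=True), seen)  # covers 0..200
    out["overlap"] = classify(ipv4(A, B, UDP, bytes(8), ident=5, offset=192), seen)
    first = ipv4(A, B, UDP, udp(40000, 5060, 152), ident=6, mf=True)           # 160-byte payload
    seq = [first] + [ipv4(A, B, UDP, bytes(8), ident=6, mf=True, offset=160 + 8 * k) for k in range(70)]
    verdicts = [classify(p, seen) for p in seq]
    out["fragment_70"], out["fragment_71"] = verdicts[69], verdicts[70]
    return out

if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:12s} -> {verdict}")
```

Running the script feeds eleven constructed packets through the checks: a plain SYN is accepted, while port zero, LAND, an XMAS flag set, a first fragment under 160 bytes, a TCP fragment at offset 8, a fragment whose reassembled length passes 65,535 octets, an overlapping fragment and a 71st fragment are each dropped with the name of the failed check. Fragment state is keyed on (source, destination, IP ID, protocol), which is the tuple RFC 791 reassembly uses; a production device would also age entries out so that "Rose"-style floods of initial fragments cannot exhaust the table.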
Access Control Lists
Access Control Lists (ACLs) selectively allow or deny traffic from specified remote entities.
An operator can create a set of static filtering rules to accept or block traffic, and the
BorderNet 4000 SBC automatically derives service-specific ACLs from its other configuration.
These service-aware ACLs enable fine-grained control over BorderNet 4000 SBC traffic and
help prevent DoS attacks.