User`s guide

XSR User’s Guide 311

Configuring Security on the XSR

This chapter describes the security options available on the XSR including the

firewall feature set and methods to protect against hacker attacks.

Features

The following security features are supported on the XSR:

 Standard and Extended Access Control Lists (ACL)

 Protection against LANd attack: Destination IP equals Source IP

 Protection against ICMP echo to directed subnet

 Protection against UDP echo request to directed subnet broadcast

 IP packet with multicast/broadcast source address

 Spoofed address checking

 SYN flood, FIN attack mitigation

 TCP server resource release

 ICMP traffic filtering based on IP data length, IP offset, IP

fragmentation bits including:

– Fragmented ICMP traffic

– Large ICMP packets

– Ping of Death attack

 Filter TCP traffic with SYN, and FIN bits set

 AAA services

 Firewall feature set

NOTE

Activating any of the above features will affect system performance.