Manualshelf

User`s guide

ManualsBrandsZhone ManualsComputer equipmentHotwire 5446
51525354555657585960
IP Filtering
7-3
8000-A2-GB21-10
June 1997
Security Advantages
Filtering provides security advantages on LANs as described in the following
subsections.
NOTE:
All upstream traffic from an ES is forwarded by the HotWire 5446 RTU to the
DSL card unless it is addressed to another ES (in the same subnet) on the
same LAN.
Management Traffic Leakage
Filtering can be used to prevent unwanted traffic from leaking into the
management domain. That is, filtering prevents ISP packets with management IP
destinations from being accepted for local delivery or routing.
For example, if the ISP network is 155.1.00.00 and the management network is
135.1.00.00, filters can be defined that would prevent any traffic entering from the
10BaseT port from being forwarded to the 135.1.00.00 network through the DSL
card.
ISP
97-1546
0
Router
10BaseT
MCC Card
DSL Card
135.1.00.00
155.1.00.00
X
NOTE:
Filters reduce packet throughput.
For instructions on how to set filters to prevent unwanted traffic from leaking into
the management domain, see Chapter 5 of the
HotWire Digital Subscriber Line
Access Multiplexer (DSLAM) User’s Guide
.
Service Security
Filtering on the upstream DSL ports can be used to ensure that only end-user
systems with valid IP addresses are able to route traffic to the ISP domain. That
is, filtering would block traffic from being routed upstream by another end-user
system that spoofs (attempts to gain access to another system by posing as an
authorized user) an IP address of an end-user system connected to a different
HotWire 5446 RTU.