Avaya 3.7 User Manual
Overview of implementation
28 Avaya VPNmanager Configuration Guide Release 3.7
Ping of Death. - The ping of death sends packets with invalid lengths. When the receiving
system attempts to rebuild the packets, the system crashes because the packet length exhausts
the available memory.
system attempts to rebuild the packets, the system crashes because the packet length exhausts
the available memory.
IP Spoofing. - This attack sends an IP packet with an invalid IP address. If the system accepts
this IP address, the attacker appears to reside on the private side of the security gateway. The
attacker is actually on the public side, and bypasses the firewall rules of the private side.
this IP address, the attacker appears to reside on the private side of the security gateway. The
attacker is actually on the public side, and bypasses the firewall rules of the private side.
Smurf Attack. - This attack floods the system with broadcast IP packet pings. If the flood is
large enough and long enough, the attacked host is unable to receive or distinguish real traffic.
large enough and long enough, the attacked host is unable to receive or distinguish real traffic.
Tear Drop. - This attack sends IP fragments to the system that the receiving system cannot
reassemble and the system can crash.
reassemble and the system can crash.
Flood Attack. - This attack floods the system with TCP connection requests, which exhausts
the memory and the processing resources of the firewall. Flood attacks also attack the UDP
ports. This attack attempts to flood the network by exhausting the available network bandwidth.
the memory and the processing resources of the firewall. Flood attacks also attack the UDP
ports. This attack attempts to flood the network by exhausting the available network bandwidth.
WinNuke Attack. - This attack attempts to completely disable networking on computers that
are running Windows 95 or Windows NT. This attack can be swift and crippling because it uses
common Microsoft NetBIOS services.
are running Windows 95 or Windows NT. This attack can be swift and crippling because it uses
common Microsoft NetBIOS services.
Buffer Overflow. - This attack overflows the internal buffers of the application by sending more
traffic than the buffers can process.
traffic than the buffers can process.
QoS
Quality of Service (QoS) allows you to classify and prioritize traffic based on DHCP values and
TCP/IP services and networks. The bandwidth available to a class of traffic can be allotted to a
specific percentage of the total upstream bandwidth. Configuring QoS allows VoIP traffic to
receive a higher priority. If QoS is disabled, all traffic receives the same priority.
TCP/IP services and networks. The bandwidth available to a class of traffic can be allotted to a
specific percentage of the total upstream bandwidth. Configuring QoS allows VoIP traffic to
receive a higher priority. If QoS is disabled, all traffic receives the same priority.
VoIP
The security gateway can be configured to protect and enable the communication of VoIP
telephones either within a VPN or firewall. The security gateway can be configured to secure
Avaya Multivantage™ and IP Office™ VoIP solutions as follows:
telephones either within a VPN or firewall. The security gateway can be configured to secure
Avaya Multivantage™ and IP Office™ VoIP solutions as follows:
●
Secure site-to-site voice trunks such as between headquarters and branch offices or
between main offices and home offices using VPNs.
between main offices and home offices using VPNs.
●
Secure VoIP servers or endpoints (IP telephones) by providing perimeter security using
the VoIP aware firewall filtering that is able to dynamically open and close all ports required
to pass VoIP communication between servers and endpoints
the VoIP aware firewall filtering that is able to dynamically open and close all ports required
to pass VoIP communication between servers and endpoints