D-Link DVX-1000 User Manual
Frequently Asked Questions
21. Can I configure features to work across offices with Remote office connectivity?
Features such as ‘Call Forward’, ‘Follow me’ and hunt groups cannot be configured across offices. Remote office
locations are generally connected over the public internet. Security considerations warrant that call features that entail
automatic transfer across locations be avoided to discourage eavesdropping and service theft.
22. Why do Voicemail and Auto attendant calls fail immediately after I change the respective extensions?
Changes to the Auto Attendant and voicemail extensions are applied to the running configuration after a refresh interval.
This refresh can take as much as 5 minutes in the worst case.
23. Why don’t conferences end when system parameters such as IP and time are changed?
Changing system parameters such as system IP, time and ports is not recommended when calls or conferences are
active. The graceful termination of these calls and conferences is purely best effort and depends on the state of the
calls, the restart intervals for each of the servers and existing network conditions, which cannot be predicted; it
therefore cannot be guaranteed.
24. Why don’t I see voicemail notifications in my mailbox even though I have enabled the feature?
There are two reasons why this could happen.
1. If the email id configured for the user is incorrect, the mail will be sent to the next hop and will appear to have
been successfully sent as far as the voicemail server is concerned; this mail could fail on a subsequent hop
and might not be delivered.
2. If the Administrative user’s mail id is not valid on the domain it is sent from, then the mail could be detected as
Spam and delivered to your Spam mails folder. Please make sure that the administrator has a valid mail id or
add the administrator’s mail id to your trusted list.
25. Can I use public SMTP servers for configuring voicemail notifications?
DVX-1000 can be configured to use public domain SMTP servers which do not require authentication. Please note that
the SMTP client on DVX-1000 does not support authentication.
26. Why does DVX say “Invalid file” when I upload a voice prompt with the correct format?
Please check the file size. The maximum file size for prompt upload is 200 KB.
27. Why does the traceroute command never work?
The firewall has to be stopped for traceroute to work correctly. See the stopFirewall command for more information.
28. Can I dial into DVX-1000 through a gateway and call an external (not registered to DVX-1000) number?
Calls that come in through gateways can only call extensions that are directly registered to DVX-1000. This restriction
is placed to avoid service theft.
Appendix A - Appendix
Appendix
Firewall
Firewall Feature List
• Blocking malicious DHCP Server
• Allowing/blocking SIP packets
• Allowing/blocking RTP/RTCP packets
• Refusing directed broadcast
• Refusing limited broadcast
• Disallowing packets which can be used for port scanning, based on:
  • All bits of TCP flag are cleared
  • SYN & FIN bits set
  • SYN & RST bits set
  • FIN & RST bits set
  • FIN set while ACK is not
  • PSH set while ACK is not
  • URG set while ACK is not
• SYN Flood attack where out of SYN, ACK and RST bits only SYN is set
• Enabling broadcast echo protection
• Disable source routed packets
• Enabling TCP SYN cookie protection
• Disable ICMP Redirect Acceptance
• Disable sending ICMP redirect messages
• Refuse connection from IANA-reserved blocks
• Allowing source quench messages (ICMP)
• Allowing parameter problem messages (ICMP)
• Allowing destination unreachable, service unavailable messages (ICMP)
• Allowing time exceeded messages (ICMP)
• Allowing ping (ICMP)
• Disallowing connections to SOCKS, X-Windows, Open-Windows & NFS ports
• Support for enabling Telnet/SSH/FTP/HTTP/HTTPS Servers
• Support for enabling NTP Client
• Refusing packets from machine claiming to have external IP address
• Refusing packets from machine having private class-A/B/C addresses
• Refusing packets having source IP address as loop back address
• Refusing malformed broadcast packets
• Refusing packets having source IP address as multicast IP Addresses
• Refusing packets having class E addresses
Firewall Feature Description
The following section discusses firewall features that the DVX-1000 offers:
Malicious DHCP Server/DHCP Server Spoofing Attack
This attack can happen only when the DHCP Client is enabled. The DHCP Client can be enabled or disabled selectively.
Before learning the DHCP Server’s IP address, the DHCP Client accepts all DHCP offers. Once the DHCP
Client learns the DHCP Server’s IP address, the firewall updates its rules with that address to allow DHCP
traffic from the specific DHCP Server.
SIP Packets
SIP packets’ reception/transmission can be allowed or disallowed selectively.
RTP/RTCP Packets
RTP/RTCP packets’ reception/transmission can be allowed or blocked.
Directed Broadcast
A traditional IP network has two “special” members, the subnet and network addresses. In many configurations, pinging
either IP gives the same result as pinging every IP in the network; namely, every machine replies.
Traditionally, this was used to see which devices were up or down on a network. More recently, it’s used to attack other
users across the Internet. Since one ping (ICMP echo request) generates many echo replies, attackers simply pretend
the ping is coming from the victim’s computer. For every fake (“spoofed”) ping they send, the victim is flooded with many
replies. The directed broadcast is blocked by default.
Limited Broadcast
The limited broadcast is blocked.
Port Scanning
Port scanning is blocked to prevent an intruder from obtaining information on the ports opened on the system.
The blocking is implemented by using the ScanD chain.
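As an added example (not taken from the manual or the DVX-1000 firmware), the script below writes the seven TCP flag combinations from the feature list as iptables-restore rules and dry-runs the same table against a flags byte, so you can confirm that normal handshake and teardown packets are not caught. Only the chain name ScanD comes from the manual; the rule bodies, the INPUT hook and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Chain name "ScanD" is from the manual; everything else is an
# assumed equivalent Linux ruleset, not the device's actual configuration.

# TCP header flag bits, for building test values such as $((SYN | ACK)).
FIN=1 SYN=2 RST=4 PSH=8 ACK=16 URG=32

# name|iptables mask|iptables required-set|numeric mask|numeric required-set
# Order follows the manual's feature list.
PATTERNS='null|ALL|NONE|63|0
syn-fin|SYN,FIN|SYN,FIN|3|3
syn-rst|SYN,RST|SYN,RST|6|6
fin-rst|FIN,RST|FIN,RST|5|5
fin-no-ack|ACK,FIN|FIN|17|1
psh-no-ack|ACK,PSH|PSH|24|8
urg-no-ack|ACK,URG|URG|48|32'

# Print a filter-table fragment suitable for iptables-restore.
scand_ruleset() {
    printf '%s\n' '*filter' ':ScanD - [0:0]' '-A INPUT -p tcp -j ScanD'
    echo "$PATTERNS" | while IFS='|' read -r name mask comp nmask ncomp; do
        echo "-A ScanD -p tcp --tcp-flags $mask $comp -j DROP"
    done
    # Packets matching no pattern go back to INPUT for normal filtering.
    printf '%s\n' '-A ScanD -j RETURN' 'COMMIT'
}

# Dry run: print the first pattern that would drop a packet carrying this
# flags byte, or "pass". Uses the --tcp-flags rule: (flags & mask) == required.
classify_flags() {
    flags=$1
    hit=$(echo "$PATTERNS" | while IFS='|' read -r name mask comp nmask ncomp; do
        if [ $(( flags & nmask )) -eq "$ncomp" ]; then
            echo "$name"
            break
        fi
    done)
    echo "${hit:-pass}"
}
```

The SYN flood entry in the feature list is not a flag-combination match and is left out of this table.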
Broadcast Echo Protection
The system is protected against broadcast echo requests, since an attacker may try to create a denial of service attack
on subnets by sending many broadcast echo requests to which all systems will respond. This also provides information
on systems that are available on the network. The system blocks ICMP Echo broadcast requests.
Source routed packets
Source routed packets are blocked on all the available interfaces.
TCP SYN cookie protection
A SYN Attack is a denial of service (DoS) attack that consumes all the resources on your machine, forcing you to reboot.
Denial of service attacks (attacks which incapacitate a server due to high traffic volume or ones that tie up system
resources enough that the server cannot respond to a legitimate connection request from a remote system) are easily
achievable from internal resources or external connections via extranets and the Internet.
The system is protected against TCP SYN attacks.
ICMP Redirect Acceptance
An ICMP Redirect tells the recipient system to override something in its routing table. It is legitimately used by routers
to tell hosts that the host is using a non-optimal or defunct route to a particular destination, i.e. the host is sending it to
the wrong router. The wrong router sends the host back an ICMP Redirect packet that tells the host what the correct
route should be. If the attacker can forge ICMP Redirect packets, and if the target host pays attention to them, the
attacker can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow
via a path the network manager didn’t intend. ICMP Redirects are also employed for denial of service attacks, where
a host is sent a route that causes it to lose connectivity. To protect against this, ICMP redirects are not accepted.
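As an added example (not from the manual), the script below audits a Linux host for the kernel-level protections described above: broadcast echo protection, source-routed packet blocking, SYN cookies, and ICMP redirect acceptance and sending. The mapping of these features to Linux sysctl names is an assumption; the manual does not say how the DVX-1000 implements them. The function name and labels are hypothetical.

```shell
#!/bin/sh
# Added example. The sysctl names are standard Linux ones; their mapping to
# the manual's feature names is an assumption, not taken from the device.

# "<path under /proc/sys> <expected value> <feature label>"
# A "*" path component is expanded to every interface directory present.
EXPECTED='net/ipv4/icmp_echo_ignore_broadcasts 1 broadcast-echo-protection
net/ipv4/tcp_syncookies 1 syn-cookies
net/ipv4/conf/*/accept_source_route 0 source-routing
net/ipv4/conf/*/accept_redirects 0 redirect-acceptance
net/ipv4/conf/*/send_redirects 0 redirect-sending'

# audit_sysctl [ROOT]
# Prints one line per missing or deviating setting and returns 1 if any were
# found, 0 otherwise. ROOT defaults to /proc/sys; pass another directory to
# audit a copied tree.
audit_sysctl() {
    root=${1:-/proc/sys}
    bad=0
    while read -r rel want feature; do
        # $rel is left unquoted on purpose so the "*" component globs.
        for f in "$root"/$rel; do
            shown=${f#"$root"/}
            if [ ! -r "$f" ]; then
                echo "MISSING $feature $shown"
                bad=1
                continue
            fi
            got=$(cat "$f")
            if [ "$got" != "$want" ]; then
                echo "DEVIATION $feature $shown is $got, expected $want"
                bad=1
            fi
        done
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}
```

Run `audit_sysctl` with no argument to check the live host. Every interface entry is required to be 0, which is stricter than the kernel's own combination of the `all` and per-interface values.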