This test checks that a customer cannot send any unsupported protocols (Ethertypes) into the access network. All packets from unsupported protocols must be silently dropped when received.
If IPv4 is in use, packets with Ethertype 0×0800 (IPv4) and 0×0806 (ARP) should be accepted.
If IPv6 is in use, packets with Ethertype 0×86dd (IPv6) should be accepted.
Impact: MITM, DoS
- Malicious sends packets with different Ethertypes to ISP:
- Frame Relay ARP
- Raw Frame Relay
- DEC LANBridge
- IBM SNA
- Appletalk ARP
- Novell 8137
- Novell 8138
- PPPoE Session State
- PPPoE Discovery State
- 3COM XNS Sys Mgmt
- 3COM TCP-IP Sys
- 3COM loop detect
- Ethernet 802.3 100 bytes
- Ethernet 802.3 500 bytes
- Ethernet 802.3 1000 bytes
- Any packet with a disallowed Ethertype arrives at ISP.
This test conforms to SEC Access Certification ID "SEC-CM-OTHER-1".
- Malicious Customer: A customer interface performing malicious actions.
- Customer: An interface acting as a customer that Malicious Customer will affect.
- ISP: A central node on a trusted port. The test requires that the ISP reside in the same Layer 2 network as the customers.
- Check type: Here you decide whether or not specific Ethertypes should be tested. All tested Ethertypes need to be blocked. The default is Yes for all Ethertypes.