Ultra Secure Mode
Polycom®, Inc. 871
Internet Control Message Protocol (ICMP)
ICMP (Internet Control Message Protocol) is used to send messages between networked entities. It is
typically used to send and receive information concerning:
● Communications errors in network applications
● Remote host reachability and availability
● Network congestion (latency)
● Traffic redirection
Malicious devices can however use these capabilities in order to divert, intercept, detect, network traffic.
The following System Flags have been added to enable the administrator to control ICMP Redirect and
Destination Unreachable messages:
● ENABLE_ACCEPTING_ICMP_REDIRECT
● ENABLE_SENDING_ICMP_DESTINATION_UNREACHABLE
By setting the value of these flags to NO the risk of malicious behavior can be mitigated.
For a full description of ICMP see RFC 792.
Guidelines
● Both flags apply to all MCU platforms: RealPresence Collaboration Server (RMX) 1500/2000/4000/
1800).
● Both flags apply to all Ethernet connections: Management, Signaling, Media, Modem, etc.
System Flag: ENABLE_ACCEPTING_ICMP_REDIRECT
This System Flag enables the administrator to control whether the RMX accepts or rejects ICMP Redirect
Messages (ICMP message type #5), typically used to instruct routers to redirect network traffic through
alternate network elements.
● Range: YES / NO
● Default:
Ultra Secure Mode: NO - Redirect messages or ignored.
Default Security Mode: YES - Redirect messages are accepted.
System Flag: ENABLE_SENDING_ICMP_DESTINATION_UNREACHABLE
This System Flag enables the administrator to control whether the RMX sends ICMP Destination
Unreachable Messages (ICMP message type #3).
Destination Unreachable Messages are sent when the RMX receives a UDP packet on a port configured
for TCP, or receives a UDP packet on a port configured for TCP, or when, in real time, a packet is not
processed in the prescribed time interval. The prescribed time interval is determined by the comparison of
timestamps. The timestamp is a 32-bit field, representing milliseconds since midnight UT. For detailed
timestamp information see RFC 792.
The Destination Unreachable Message may also be sent when Network or Host is unreachable (sent by the
router) or the Port is unreachable (sent by the RMX).
● Range: YES / NO