RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide
23-52 Polycom, Inc.
• Traffic redirection
Malicious devices can however use these capabilities in order to divert, intercept, detect,
network traffic.
The following System Flags have been added to enable the administrator to control ICMP
Redirect and Destination Unreachable messages:
• ENABLE_ACCEPTING_ICMP_REDIRECT
• ENABLE_SENDING_ICMP_DESTINATION_UNREACHABLE
By setting the value of these flags to NO the risk of malicious behavior can be mitigated.
For a full description of ICMP see RFC 792.
Guidelines
• Both flags apply to all MCU platforms: RealPresence Collaboration Server (RMX) 1500/
2000/4000/RealPresence Collaboration Server (RMX) 1800/RealPresence Collaboration
Server (RPCS) 800s).
• Both flags apply to all Ethernet connections: Management, Signaling, Media,
Modem, etc.
System Flag: ENABLE_ACCEPTING_ICMP_REDIRECT
This System Flag enables the administrator to control whether the RMX accepts or rejects
ICMP Redirect Messages (ICMP message type #5), typically used to instruct routers to
redirect network traffic through alternate network elements.
• Range: YES / NO
• Default:
— Ultra Secure Mode: NO - Redirect messages or ignored.
— Default Security Mode: YES - Redirect messages are accepted.