MCP Security Overview and Implementation Guide
TCP/IP Network Security Features

Dynamic Port Filtering

Dynamic port filtering (DPF) enables you to configure MCP networking devices to prevent unwanted TCP and UDP traffic from reaching the MCP host. This configuration can help prevent a Denial of Service attack on the MCP host by ensuring that port scans do not cause excess overhead.

To discard (filter) unwanted traffic, the MCP tells the networking devices which ports are accepting connections and data. The list of port numbers includes those associated with registered DSSes. The data on these ports is the only data forwarded to the MCP host. All other data is filtered and logged.

To use dynamic port filtering, enter the NW TCPIP OPTION command with the DYNAMICPORTFILTER (DPF) option enabled as follows:

NW TCPIP OPT + DPF

DPF is enabled by default.

To disable DPF, enter the following:

NW TCPIP OPT - DPF

Prev	Up	Next
Port Filtering	Home	Broadcast Filtering

MCP Security Overview and Implementation GuideTCP/IP Network Security Features

Dynamic Port Filtering

MCP Security Overview and Implementation Guide
TCP/IP Network Security Features