H06.11 Release Version Update Compendium
Table Of Contents
- H06.11 Release Version Update Compendium
- Table of Contents
- About This Document
- 1 H06.11 Overview
- 2 Operating System
- 3 Application Development Products
- 4 Database and Transaction Processing Products
- 5 Installation and Configuration Products
- 6 Manageability Products
- 7 Hardware Products
- 8 Networking Products
- A Sources for Migration Assistance and Information
8 Networking Products
TCP/IP Security Enhancement
A new option is provided to cause XDMCPreconfigure to deny requests from a remote host.
When this feature is enabled, XDMCPreconfigure does not respond to requests from a remote
host. This new feature works by setting up filters that deny ICMP packets of type 17
(ICMP_MASKREQ). This feature enhances the security of the TCP/IPv6 subsystem.
The new security feature is disabled by default (that is, remote requests are accepted). To enable
the feature, you must explicitly enable the TCP6MON ICMP-FILTER-PKTS parameter through
SCF.
Fallback
If the new TCP/IPv6 feature does not perform correctly, you can disable it (it is disabled by
default) by disabling the ICMP-FILTER-PKTS parameter through SCF. Alternatively, you can
install the previous version of T1265/T1268, but this requires a coldload.
TCP/IP Security Enhancement 25