ZyXEL Communications P-2602R-DxA Series User Manual
P-2602R/RL-DxA Series User’s Guide
210
Chapter 18 Remote Management Configuration
If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP
response packet is automatically returned. This allows the outside user to know the ZyXEL
Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response
packet from being sent. This keeps outsiders from discovering your ZyXEL Device when
unsupported ports are probed.
response packet is automatically returned. This allows the outside user to know the ZyXEL
Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response
packet from being sent. This keeps outsiders from discovering your ZyXEL Device when
unsupported ports are probed.
Note: If you want your device to respond to pings and requests for unauthorized
services, you may also need to configure the firewall anti probing settings to
match.
match.
Figure 107 Remote Management: ICMP
The following table describes the labels in this screen.
Table 80 Remote Management: ICMP
LABEL
DESCRIPTION
ICMP
Internet Control Message Protocol is a message control and error-reporting
protocol between a host server and a gateway to the Internet. ICMP uses Internet
Protocol (IP) datagrams, but the messages are processed by the TCP/IP software
and directly apparent to the application user.
Respond to Ping
on
The ZyXEL Device will not respond to any incoming Ping requests when Disable is
selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply
to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both
incoming LAN and WAN Ping requests.
Do not respond to
requests for
unauthorized
services
Select this option to prevent hackers from finding the ZyXEL Device by probing for
unused ports. If you select this option, the ZyXEL Device will not respond to port
request(s) for unused ports, thus leaving the unused ports and the ZyXEL Device
unseen. By default this option is not selected and the ZyXEL Device will reply with
an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a
TCP Reset packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the ZyXEL Device's firewall
Note that the probing packets must first traverse the ZyXEL Device's firewall
mechanism before reaching this anti-probing mechanism. Therefore if the firewall
mechanism blocks a probing packet, the ZyXEL Device reacts based on the firewall
policy, which by default, is to send a TCP reset packet for a blocked TCP packet.
You can use the command "
sys firewall tcprst rst [on|off]
" to
change this policy. When the firewall mechanism blocks a UDP packet, it drops the
packet without sending a response packet.
Apply
Click Apply to save your customized settings and exit this screen.
Cancel
Click Cancel to begin configuring this screen afresh.