ZyXEL P-793H v2 User Guide - Page 249
The ICMP Screen
View all ZyXEL P-793H v2 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 249 highlights
Chapter 17 Remote Management 17.7 The ICMP Screen To change your P-793H v2's security settings, click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your P-793H v2, an ICMP response packet is automatically returned. This allows the outside user to know the P-793H v2 exists. Your P-793H v2 supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your P-793H v2 when unsupported ports are probed. Note: If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. Figure 114 Advanced > Remote Management > ICMP The following table describes the labels in this screen. Table 76 Advanced > Remote Management > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and errorreporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user. Respond to Ping on The P-793H v2 will not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests. Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the P-793H v2 by probing for unused ports. If you select this option, the P-793H v2 will not respond to port request(s) for unused ports, thus leaving the unused ports and the P-793H v2 unseen. If this option is not selected, the P793H v2 will reply with an ICMP port unreachable packet for a port probe on its unused UDP ports and a TCP reset packet for a port probe on its unused TCP ports. Note that the probing packets must first traverse the P-793H v2's firewall rule checks before reaching this anti-probing mechanism. Therefore if a firewall rule stops a probing packet, the P-793H v2 reacts based on the firewall rule to either send a TCP reset packet for a blocked TCP packet (or an ICMP port-unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. P-793H v2 User's Guide 249