ZyWALL 5/35/70 Series User’s Guide
11.9 Anti-Probing
If an outside user attempts to probe an unsupported port on your ZyWALL, an ICMP response packet is automatically returned. This allows the outside user to know the ZyWALL exists. The ZyWALL supports
Internet Control Message Protocol (ICMP) is a message control and
Click SECURITY, FIREWALL, then the
Figure 100
The following table describes the labels in this screen.
Table 71
LABEL | DESCRIPTION |
|
|
Respond to PING | The ZyWALL does not respond to any incoming Ping requests when Disable is |
on | selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply |
| to incoming WAN Ping requests. Select DMZ to reply to incoming DMZ Ping |
| requests. Select WLAN to reply to incoming WLAN Ping requests. Otherwise |
| select ALL to reply to both incoming LAN and WAN and DMZ and WLAN Ping |
| requests. |
Do not respond to | Select this option to prevent hackers from finding the ZyWALL by probing for |
requests for | unused ports. If you select this option, the ZyWALL will not respond to port |
unauthorized | request(s) for unused ports, thus leaving the unused ports and the ZyWALL |
services. | unseen. By default this option is not selected and the ZyWALL will reply with an |
| ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a |
| TCP Reset packet for a port probe on its unused TCP ports. |
| Note that the probing packets must first traverse the ZyWALL's firewall mechanism |
| before reaching this |
| blocks a probing packet, the ZyWALL reacts based on the corresponding firewall |
| policy to send a TCP reset packet for a blocked TCP packet or an ICMP port- |
| unreachable packet for a blocked UDP packets or just drop the packets without |
| sending a response packet. |
Apply | Click Apply to save your changes back to the ZyWALL. |
|
|
Reset | Click Reset to begin configuring this screen afresh. |
|
|
Chapter 11 Firewall Screens | 226 |