ZyXEL Communications HS100/HS100W manual Configuring Security, Icmp

Figure 14-8 Remote Management : Security

The following table describes the labels in this screen.

Table 14-7 Remote Management : Security

LABEL

DESCRIPTION

ICMP

Internet Control Message Protocol is a message control and error-reporting protocol

between a host server and a gateway to the Internet. ICMP uses Internet Protocol

(IP) datagrams, but the messages are processed by the TCP/IP software and directly

apparent to the application user.

Respond to Ping

The HomeSafe will not respond to any incoming Ping requests when Disable is

on

selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to

incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both

incoming LAN and WAN Ping requests.

Do not respond

Select this option to prevent hackers from finding the HomeSafe by probing for

to requests for

unused ports. If you select this option, the HomeSafe will not respond to port

unauthorized

request(s) for unused ports, thus leaving the unused ports and the HomeSafe

services

unseen. By default this option is not selected and the HomeSafe will reply with an

ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP

Reset packet for a port probe on its unused TCP ports.

Note that the probing packets must first traverse the HomeSafe's firewall mechanism

before reaching this anti-probing mechanism. Therefore if the firewall mechanism

blocks a probing packet, the HomeSafe reacts based on the firewall policy, which by

default, is to send a TCP reset packet for a blocked TCP packet. You can use the

command "sys firewall tcprst rst [onoff]" to change this policy. When the firewall

mechanism blocks a UDP packet, it drops the packet without sending a response

packet.

14-10

Remote Management Screens