ZyXEL Communications NBG-417N User Manual page 120

Chapter 12 Firewall
Table 52 Security > Firewall > Services
LABEL
Do not respond to
requests for
unauthorized
services
Apply
Reset
120
DESCRIPTION
Select this option to prevent hackers from finding the NBG-417N by probing for
unused ports. If you select this option, the NBG-417N will not respond to port
request(s) for unused ports, thus leaving the unused ports and the NBG-417N
unseen. By default this option is not selected and the NBG-417N will reply with
an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a
TCP Reset packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the NBG-417N's firewall
mechanism before reaching this anti-probing mechanism. Therefore if the
firewall mechanism blocks a probing packet, the NBG-417N reacts based on the
firewall policy, which by default, is to send a TCP reset packet for a blocked TCP
packet. You can use the command "sys firewall tcprst rst [on|off]" to change this
policy. When the firewall mechanism blocks a UDP packet, it drops the packet
without sending a response packet.
Click Apply to save the settings.
Click Reset to start configuring this screen again.
NBG-417N User's Guide