ZyXEL Communications ZyWall 10W User Manual page 322

ZyWALL Series Internet Security Gateway
LABEL
Do not respond
to requests for
unauthorized
services
Apply
Reset
18-30
Select this option to prevent hackers from finding the ZyWALL by probing for unused
ports. If you select this option, the ZyWALL will not respond to port request(s) for
unused ports, thus leaving the unused ports and the ZyWALL unseen. By default this
option is not selected and the ZyWALL will reply with an ICMP Port Unreachable
packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port
probe on its unused TCP ports.
Note that the probing packets must first traverse the ZyWALL 's firewall mechanism
before reaching this anti-probing mechanism. Therefore if the firewall mechanism
blocks a probing packet, the ZyWALL reacts based on the firewall policy, which by
default, is to send a TCP reset packet for a blocked TCP packet. You can use the
command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks a UDP packet, it drops the packet without sending a response
packet.
Click Apply to save your customized settings and exit this screen.
Click Reset to begin configuring this screen afresh.
Table 18-8 Security
DESCRIPTION
Remote Management Screens