ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual page 315

LABEL
Respond to Ping The ZyWALL will not respond to any incoming Ping requests when Disable is
selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to
on
incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming
LAN and WAN Ping requests.
Do not respond Select this option to prevent hackers from finding the ZyWALL by probing for unused
to requests for ports. If you select this option, the ZyWALL will not respond to port request(s) for
unauthorized unused ports, thus leaving the unused ports and the ZyWALL unseen. By default this
services option is not selected and the ZyWALL will reply with an ICMP Port Unreachable
packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port
probe on its unused TCP ports.
Note that the probing packets must first traverse the ZyWALL 's firewall mechanism
before reaching this anti-probing mechanism. Therefore if the firewall mechanism
blocks a probing packet, the ZyWALL reacts based on the firewall policy, which by
default, is to send a TCP reset packet for a blocked TCP packet. You can use the
command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks a UDP packet, it drops the packet without sending a response
packet.
Apply Click Apply to save your customized settings and exit this screen.
Click Reset to begin configuring this screen afresh.
Reset
Remote Management Screens
Table 17-8 Security
DESCRIPTION
ZyWALL 2 Series User's Guide
17-29