Ping blocking

One—not uncontroversial—way to increase security is to hide the router according to the motto: "If you can’t see me, you won’t attack me ..". Many attacks start by looking for computers and/or open ports with the help of harmless requests, e.g. with the ping command or a port scan. Any response to these requests, including the "I am not here" response, informs the attacker about a potential target. Because if you answer, you're there. To prevent this, the device can suppress the responses to these requests.

It does this by simply not responding to ICMP echo requests. At the same time, the TTL-exceeded messages used with a traceroute are suppressed, so that the device cannot be found by a ping or a traceroute.

The available settings are:

Note: For the choice of "default routes", the same tips apply as for Session recovery.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo