Apart from ICMP messages, the way a device responds to TCP and UDP connection attempts also reveals whether the addressed workstation exists. Depending on the surrounding network, it can be useful to silently discard TCP and UDP packets instead of answering with a TCP reset or an ICMP message (port unreachable) when no listener exists for the respective port. The desired behavior can be set in the LANCOM.
Note: If ports without a listener are hidden, this causes a problem on masked connections, since the "authenticate" or "ident" service no longer works properly (or requests to it are no longer correctly rejected). The appropriate port can therefore be treated separately.
Possible settings are:
- Off: All ports are closed and TCP packets are answered with a TCP reset.
- Always: All ports are hidden and TCP packets are silently discarded.
- WAN only: On the WAN side all ports are hidden and on the LAN side closed.
- Default route only: Ports are hidden on the default route (usually Internet) and closed on all other routes.
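The following added example (not LANCOM code) checks from a test host whether a port without a listener behaves as the chosen setting predicts: a TCP reset means "closed", no answer within the timeout means "hidden". It covers TCP only; the function names, the "wan"/"lan" side labels and the `via_default_route` flag are assumptions made for this example.

```python
import socket

def expected_state(setting, side, via_default_route=False):
    """What a probe of a listener-less TCP port should see for a setting.

    side is "wan" or "lan" (labels assumed for this example).
    """
    if setting == "Off":
        hidden = False
    elif setting == "Always":
        hidden = True
    elif setting == "WAN only":
        hidden = side == "wan"
    elif setting == "Default route only":
        hidden = via_default_route
    else:
        raise ValueError("unknown setting: %r" % setting)
    return "hidden" if hidden else "closed"

def classify_tcp_port(host, port, timeout=2.0):
    """Return 'open', 'closed' (TCP reset), 'hidden' (no answer) or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # peer answered with a TCP reset
    except (socket.timeout, TimeoutError):
        return "hidden"      # packet silently discarded, nothing came back
    except OSError:
        return "error"       # e.g. ICMP unreachable or no route; not conclusive
    finally:
        sock.close()

def matches_setting(host, port, setting, side, via_default_route=False):
    """True if the observed state equals the one the setting should produce."""
    return classify_tcp_port(host, port) == expected_state(
        setting, side, via_default_route)

if __name__ == "__main__":
    # Constructed demo on loopback: a freed port has no listener, so the local
    # stack answers with a reset, which is the "Off" (closed) behavior.
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    print(port, classify_tcp_port("127.0.0.1", port))
```

A "hidden" result only means that no answer arrived within the timeout, so repeat the probe before treating it as confirmation of the setting.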