One - not undisputed - method to increase security is hiding the router. Based loosely on the method: “Who doesn’t see me neither tries to attack me...”. Many attacks begin with the searching for workstations and/or open ports by actual harmless inquiries, e. g. with the help of the “ping” command or with a portscan. Each answer to these inquiries, even the answer “I’m not here” indicates to the attacker that he has found a potential destination. Because anybody who answers must be existing, too. In order to prevent this conclusion, the LANCOM is able to suppress the answers to these inquiries.
In order to achieve this, the LANCOM can be instructed not to answer ICMP echo requests any more. At the same time TTL-exceeded messages of a "trace route" are also suppressed, so that the LANCOM cannot be found, neither by "ping" nor by "trace route".
Possible settings are:
- Off: ICMP answers are not blocked.
- Always: ICMP answers are always blocked.
- WAN only: ICMP answers are blocked on all WAN connections.
- Default route only: ICMP answers are blocked on default route (usually Internet).