1. Field of the Invention
The present invention relates to a communication apparatus having a communication function, a control method for the communication apparatus, and a computer-readable storage medium storing a program for implementing the method, and more particularly to a network security technique for a communication apparatus.
2. Description of the Related Art
Networking equipment installed with the TCP/IP protocol supports the ICMP Echo protocol.
The ICMP Echo protocol is a simple protocol that transmits an ICMP Echo Request packet to networking equipment at a transmission destination, and upon receiving this packet, the networking equipment sends back a response with an ICMP Echo Request packet.
The ICMP Echo protocol is generally used to check if communication with networking equipment at a transmission destination is possible, check if communication paths present any problem, and measure the time for response from networking equipment at a transmission destination, and is used as a means for checking communication status.
Moreover, techniques using the ICMP Echo protocol as instruction commands for networking equipment have been proposed.
For example, a technique that monitoring equipment creates a statistical information header, and an ICMP Echo Request packet including the created statistical information header as a payload of ICMP Echo is transmitted to equipment to be monitored (Japanese Laid-Open Patent Publication (Kokai) No. 2005-286458).
According to this proposal, when the equipment to be monitored which has received the ICMP Echo Request packet determines that a normal statistical information header is stored, a network from which statistical information should be taken out is identified.
Then, the equipment to be monitored obtains statistical information from a storage device, writes the statistical information in a payload of ICMP Echo and sends back the same. Upon determining that normal statistical information is stored in the payload of the sent-back ICMP Echo Reply, the monitoring equipment takes out the statistical information and stores the same in a storage device. Therefore, as compared to cases where SNMP is used, statistical information can be collected from a small-sized device having a small memory capacity at lower cost, and more statistical information can be collected.
However, when the ICMP Echo protocol is used, a malicious third party can confirm the presence of networking equipment by issuing a Ping command or the like from an external network, and hence the ICMP Echo protocol may be undesirable in terms of security for networking equipment.
Moreover, a universal OS has a means for disabling an ICMP Echo Reply to an ICMP Echo Request so as to make it difficult to detect the presence of networking equipment, but when an ICMP Echo Reply to an ICMP Echo Request is disabled, it becomes impossible to check communication status or the like.