Frequent use of the ping command can cause network congestion and reduce transmission efficiency, so servers are generally configured to refuse ping requests from users, which also helps avoid malicious network attacks. You can do this on a firewall or on a router, but you can also use the capabilities of the Windows 2000/2003 system itself. Either way, ping is denied by blocking the ICMP protocol. For example, to set an IP policy in Windows Server 2003 that denies users the ability to ping the server, take the following steps:
1. Add IP Filter
Step 1: Click Start → Administrative Tools → Local Security Policy to open the Local Security Settings window. Right-click "IP Security Policies on Local Computer" in the left pane and choose the "Manage IP filter lists and filter actions" shortcut command. On the Manage IP Filter Lists tab, click the Add button, name the filter list "No ping", enter a description such as "ping my host on any other computer", and then click the Add button, as shown in the figure.
Figure: Add IP Filter
Step 2: Click Next, and then Next again. Select "My IP Address" as the IP traffic source address and click Next, select "Any IP Address" as the IP traffic destination and click Next, then select ICMP as the IP protocol type and click Next. Click Finish → OK to finish adding the filter, as shown in the figure.
Figure: Select IP protocol type
Step 3: Switch to the Manage Filter Actions tab and click Add → Next. Name the filter action "Block all connections", enter a description such as "block all network connections", click Next, and select the Block option as the behavior of this filter action. Finally, click Next → Finish → Close to complete the additions, as shown in the figure.
Figure: Set the behavior of a filter action
2. Create an IP Security policy.
Right-click "IP Security Policies on Local Computer" in the console tree, choose the Create IP Security Policy shortcut command, and then click Next. Name this IP security policy "Prohibit Ping hosts", enter the description "rejecting ping requests from any other computer", and click Next. With the "Activate the default response rule" option checked, click Next again. In the Default Response Rule Authentication Method dialog box, select the "Use this string to protect the key exchange" option, type a string such as "NO PING" in the text box below it, and click Next. Finally, click Finish to complete the creation and open the policy's properties for editing, as shown in the figure.
Figure: Setting authentication methods
3. Configure IP Security policy.
In the "Prohibit Ping hosts" Properties dialog box that opens, click Add → Next on the Rules tab, keep the default selection "This rule does not specify a tunnel", and click Next. Select "All network connections" so that no computer can ping the host, and click Next. In the IP filter list box, select "No ping" and click Next. In the Filter action list box, select "Block all connections" and click Next. Then clear the Edit properties option and click Finish to end the configuration, as shown in the figure.
Figure: Select IP Filter
4. Assign IP Security policy.
A newly created security policy does not take effect immediately; it must first be "assigned". In the right pane of the Local Security Settings window, right-click the "Prohibit Ping hosts" policy and choose the Assign command to enable it, as shown in the figure.
Figure: Assigning IP Security Policies
With this setup, the server refuses pings of its IP address from any other computer, but pinging the server from the server itself still works.
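The same policy can be built from a command prompt with netsh ipsec static, which is useful for repeating the setup on several servers. This script is an added example, not part of the original walkthrough. It reuses the names from the steps above, and the rule name "Block ICMP" is an assumption, because the wizard does not ask for one.

```bat
@echo off
rem Added example: command-line equivalent of steps 1-4 above (Windows Server 2003).
rem Run from an administrator command prompt on the server itself.
setlocal
set POLICY=Prohibit Ping hosts
set FLIST=No ping
set FACTION=Block all connections
rem Hypothetical rule name; the GUI wizard creates the rule without asking for a name.
set RULE=Block ICMP

rem 1. Filter list with one filter: My IP address to any IP address, protocol ICMP.
netsh ipsec static add filterlist name="%FLIST%" description="ping my host on any other computer"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=Me dstaddr=Any protocol=ICMP

rem    Filter action that blocks matching traffic.
netsh ipsec static add filteraction name="%FACTION%" description="block all network connections" action=block

rem 2. Policy, created unassigned, with the default response rule active
rem    and protected by the preshared string used in the walkthrough.
netsh ipsec static add policy name="%POLICY%" description="rejecting ping requests from any other computer" activatedefaultrule=yes assign=no
netsh ipsec static set defaultrule policy="%POLICY%" psk="NO PING"

rem 3. Rule tying the filter list to the block action: no tunnel, all connections.
netsh ipsec static add rule name="%RULE%" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" conntype=all

rem 4. Assign the policy so that it takes effect, then print it for review.
netsh ipsec static set policy name="%POLICY%" assign=yes
netsh ipsec static show policy name="%POLICY%" level=verbose

rem To roll back: netsh ipsec static set policy name="%POLICY%" assign=no
endlocal
```

After running it, confirm from another computer that ping to the server times out, and check that ICMP-based monitoring you depend on is not aimed at this host.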