Do not let others ping the server

Frequent use of the Ping command lowers transmission efficiency and congests the network, so to guard against malicious network attacks, users are usually denied the ability to ping the server. This can be set up not only on the firewall but also on the router, and it can also be done with the Windows 2000/2003 system itself. Whichever way is used, the ping is rejected by prohibiting the use of the ICMP protocol. Taking an IP security policy on Windows Server 2003 that refuses user pings of the server as an example, the concrete steps are as follows:

1. Add IP filter
Step one: click "Start / Administrative Tools / Local Security Policy" to open the "Local Security Settings" window. In the left pane, right-click "IP Security Policies on Local Computer" and run the "Manage IP filter lists and filter actions" shortcut command. On the "Manage IP Filter Lists" tab, click the "Add" button, name the filter "no PING" with the description "prohibit any other computer PING my host", then click the "Add" button, as shown in the figure.
Add IP filter

Step two: click "Next" → "Next", select "My IP Address" as the IP traffic source address and click "Next"; select "Any IP Address" as the IP traffic destination address and click "Next"; select "ICMP" as the IP protocol type and click "Next". Click "Finish" → "OK" to complete the addition, as shown in the figure.
Select the IP protocol type

Step three: switch to the "Manage Filter Actions" tab and click "Add" → "Next"; name the filter action "block all connections" with the description "block all the network connection" and click "Next"; select the "Block" option as the behavior of this filter action; finally, click "Next" → "Finish" → "Close" to complete all of the additions, as shown in the figure.
Set the filter action behavior

2. Create IP security policy
Right-click "IP Security Policies on Local Computer" in the console tree, run the "Create IP Security Policy" shortcut command, then click "Next". Name this IP security policy "Prohibition of PING host" with the description "refused to any other computer PING requirements" and click "Next". Then, with "Activate the default response rule" checked, click "Next". In the "Default Response Rule Authentication Method" dialog box, select the "Use this string to protect the key exchange" option, type a string such as "NO PING" in the text box below, and click "Next". Finally, with "Edit properties" checked, click "Finish" to end the creation, as shown in the figure.
Sets the authentication method

3. Configure IP security policy
In the "Prohibition of PING host Properties" dialog box that opens, go to the "Rules" tab and click "Add" → "Next"; leave the default "This rule does not specify a tunnel" selected and click "Next"; select "All network connections" to make sure that no computer can ping this host, and click "Next". In the "IP filter list" box select "no PING" and click "Next"; in the filter action list box select "block all connections" and click "Next"; clear the "Edit properties" option and click "Finish" to end the configuration, as shown in the figure.
Select the IP filter

4. Assign IP security policy
A security policy that has been created does not take effect immediately; it has to be assigned before it does anything. In the right pane of the "Local Security Settings" window, right-click the "Prohibition of PING host" policy and run the "Assign" command to enable the policy, as shown in the figure.
Assign IP security policy
After this setting, the server refuses pings of its IP address from any other computer, but the address can still be pinged locally.
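
The same four steps can be scripted with the `netsh ipsec static` context that ships with Windows Server 2003. This is an added example, not part of the original post: the object names are the ones chosen above, the rule name "block ICMP" is an assumption, and the preshared string for the default response rule from step 2 is not set here because a block action drops the traffic without any key exchange.

```bat
@echo off
rem Added example: scripted equivalent of steps 1-4 above.
rem Run from an administrator command prompt on the server.
setlocal
set "POLICY=Prohibition of PING host"
set "FLIST=no PING"
set "FACTION=block all connections"
rem RULE is an assumed name; the wizard does not ask for one.
set "RULE=block ICMP"

rem Step 1 (filter): My IP Address <-> Any IP Address, protocol ICMP.
rem mirrored=yes matches the wizard default, so both directions are covered.
netsh ipsec static add filterlist name="%FLIST%" description="prohibit any other computer PING my host"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=ICMP mirrored=yes

rem Step 1 (filter action): drop matching traffic, no negotiation.
netsh ipsec static add filteraction name="%FACTION%" description="block all the network connection" action=block

rem Step 2: create the policy object (unassigned until step 4).
netsh ipsec static add policy name="%POLICY%" description="refused to any other computer PING requirements"

rem Step 3: bind filter list and filter action in one rule, no tunnel,
rem applied to all network connections.
netsh ipsec static add rule name="%RULE%" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" conntype=all

rem Step 4: assign the policy so it takes effect.
netsh ipsec static set policy name="%POLICY%" assign=y

rem Check: the policy should be listed as assigned, with the ICMP block rule.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem Rollback if needed:
rem   netsh ipsec static set policy name="%POLICY%" assign=n
endlocal
```

Because the filter matches all ICMP rather than only echo requests, other ICMP messages to and from the server are blocked as well; confirm the result by pinging the server from a second host.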

Posted by Gladys at December 21, 2013 - 9:31 PM