Lock Ping traffic with IPSec
In this article we will show you how to configure Windows 2000 / XP / 2003 computers to block Ping packets.
In this article we will show you how to configure Windows 2000 / XP / 2003 computers to block Ping packets.
Windows 2000 / XP / 2003 computers have a built-in IP security mechanism called IPSec (IP Security). IPSec is a protocol designed to protect TCP / IP data packets when they are transmitted in the network using public key encryption. In essence, the source machine will package the standard IP address inside an encrypted IPSec. This packet will then be maintained in encrypted state until it reaches the destination machine.
In addition to the above feature, besides encryption, IPSec also allows you to protect and configure workstations and servers with a firewall-like mechanism.
Can you protect your computers with IPSec? Quite simply, just create a policy to instruct the computer to block certain IP traffic configured by that rule.
Lock PING on a computer
To lock PING traffic to and from a computer, you need to create an IPSec policy to block all ICMP traffic.
Check if the computer responds to PING requests by pinging it:
To configure, follow these steps:
Configure the list of IP address filtering and filtering actions.
- Open the MMC window ( Start> Run> MMC ).
- Add Security Policy Management Snap-In .
- In the Select which computer this policy will manage window, select Local Computer (or whatever policies depend on your needs). Click Close and then click OK .
- Right-click IP Security Policies in the left pane of the MMC console. Select Manage IP Filter Lists and Filter Actions .
- You do not need to configure a specific IP Filter (IP Filter) for ICMP (the protocol used for PING) because such a filter already exists by default - All ICMP Traffic.
However, you can still configure many specific IP Filter (IP Filter) for ICMP. For example, you might want to prevent a server from answering all PINGs except for PINGs sent by a computer that is used by the help desk. In that case, you need to add a new IP Filter and use your defined destination and source IP addresses, and the ICMP protocol. We will show you how to lock the browsing action but still allow IPSec internal network traffic in another article for you to learn more about how to create an IP Filter filter.
- In Manage IP Filter Lists and Filter actions , review your filters and consider whether it's all ok, click the Manage Filter Actions tab. Now we need to add filtering to lock our designated traffic, so click Add .
- In the Welcome screen, click Next .
- In Filter Action Name , click Next .
- In Filter Action General Options click Block and then click Next .
- Go back to Manage IP Filter Lists and Filter actions , review all your filters if it's ok, then click the Close button. You can add Actions Filters and Actions Filter at any time if you want.
The next step is to configure IPSec Policy and assign it.
Configure IPSec Policy
- In the MMC interface, right-click IP Security Policies on the Local Computer and select Create IP Security Policy .
- In the Welcome screen, click Next
- In the IP Security Policy Name , enter a descriptive name, such as " Block PING ". Click Next .
- In the Request for Secure Communication window, uncheck the Active the Default Response Rule check box. Click Next .
- In the Completing IP Security Policy Wizard window, click Finish .
- We now need to add the various IP Filters and Filter Actions to the new IPSec Policy . In the new IPSec Policy window, click Add to add IP Filters and Filter Actions
- In the welcome window, click Next .
- In Tunnel Endpoint , make sure that the default settings are selected and click Next .
- In the Network Type window, select All Network Connections and click Next .
- In the IP Filter List window, select " All ICMP Traffic " (or any IP Filter configured in step 5 above the article). If for some reason, you did not properly configure the IP Filter beforehand, you can click Add and add it at this time. When done, click Next .
- In the Filter Action window select " Block ". Next, if you have not configured the right Filter Action before, you can click Add to add it now. When done, click Next .
- Notice how to add IP Filter.
Next, you can add any combination of IP Filters and Filter Actions if you want.
Note that you cannot change their order like true firewalls. However this configuration works quite perfectly.
The next stage is to assign the IPSec Policy.
Assign IPSec Policy
- In the MMC interface, right-click IPSec Policy and select Assign .
When done, you can test the configuration by trying to surf to a restricted and restricted website.
Lock multiple computers
Locking multiple computers can be done in two ways:
Export and Import IPSec Policy
Configure IPSec Policy through GPO
Both of these methods are used to prevent some computers from using ICMP (for other IPSec Policies).
Update 25 May 2019
You should read it
- What is PING? How is PING Test?
- Block web browser with IPSec
- Fix high Ping error on Windows 10, 11 effectively
- Disable PING response in Windows
- What is Ping? How to check Ping on computer
- How to Ping on Mac OS
- What is a ping? Ping instructions to test the network and explain the parameters
- 10 best Ping monitoring software and tools
- IPSec Policy Agent security
- Wireless network traffic security - Part 2
- 10 reasons why IPsec VPN failed
- Overview of Windows Server 2008 Firewall with advanced security features (continued part 3)