In order to prevent users from pinging the server frequently, the server performance is degraded. Generally, rules are set in the firewall to ping the ping request. Then, if you simply rely on the system's own functions, you can also reject the user's ping server. Frequent use of the ping command will cause network congestion and reduce transmission efficiency. In order to avoid malicious network attacks, the user will generally refuse to ping the server. In order to achieve this, not only can be set in the firewall, but also can be set on the router, and can also be realized by the functions of the Windows 2000/2003 system itself. Either way, you can disable the ping action by disabling the use of the ICMP protocol. To set the IP policy in Windows Server 2003, reject the user Ping server as an example. The specific steps are as follows: 1. Add IP Filter Step 1. Click “Start/Administrative Tools/Local Security Policy" to open the “Local Security Settings” window. Right-click on the "IP Security Policy on the Local Computer" option in the left pane and execute the "Manage IP Filter Table and Filter Actions" shortcut command. Click the “Add” button in the “Manage IP Filter List” option to name this filter name “Forbidden PING”, the description language can be “Forbid any other computer PING My Host”, Then click the “Add” button Step 2, click “Next”→“Next” button, select “IP source address”for “my IP address” Click the “Next” button; select “<quo;IP communication destination address” as “any IP address”, click “Next” button; select “IP protocol type” for ICMP, Click the “Next” button. Click the “Complete”→“OK" button to end the addition Step 3, switch to the “Manage Filter Actions” tab, click “Add”→“Next & rdquo; button, name filter operation name is "block all connections", the description language can be "block all network connections", click the "next" button; click "check" & rdquo; option as The action behavior of this filter, and finally click "“Next" ”→“Complete”→“Close” button to complete all the additions. Create an IP security policy. Right-click on the console tree's "IP Security Policy, on the Local Computer" option, execute the "Create IP Security Policy" shortcut command, and then click the "Next" button. Name this IP security policy as "Forbidden PING Host", describe the language as "Reject any other computer's PING request" and click the "Next" button. Then click the “Next” button under the pre-selection "Activate default response rule". In the "Default Response Rule Authentication Method" dialog box, click the "Use this string to protect the key exchange" option and type a string such as "NO PING & rdquo;" in the text box below. Click the "Next" button. Finally, click the “Complete" button to finish creating 3. Configure an IP security policy. Click the “Add/Next" button in the “rules" tab in the "PING Host Properties" dialog box that opens, and click the default button. This rule does not specify a tunnel. Click the “Next” button; click “All Network Connections” to ensure that all computers are not pinging the host, click the “Next” button. In the "IP Filter List" box, click "PING", click the "Next" button; in the "Filter Action" box, click "Block all connections". Click the “Next" button; cancel the “Edit Attributes" option and click the “Complete& rdquo; button to end the configuration. Assign an IP security policy. Once the security policy is created, it does not take effect immediately. It also needs to be made through “ Assign”. Right-click the "Local Security Settings" window in the right pane of the window to "PING Hosting" policy, execute the "Assign" command to enable the policy. After such a setting, this server already has a rejection. The ability of any other computer to ping its own IP address, but the local Ping itself is still available. Under Linux, the use of the ping command is prohibited. Enter the Linux system as root, and then edit the file icmp_echo_ignore_all vi /proc/sys/net/ipv4/icmp_echo_ignore_all to change its value to 1 and disable PING to change its value to 0. The modification will prompt an error: WARNING: The file has been changed since reading it!!! Do you really want to write to it (y/n)?y "icmp_echo_ignore_all" E667: Fsync failed Hit ENTER or type command to continue Because proc/sys/net/ipv4/icmp_echo_ignore_all is not a real file If you want to modify his value you can echo 0 or 1 to this file (ie echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all ). If you want to change permanently, you can add a line net.ipv4.icmp_echo_ignore_all=1 to the configuration file /etc/sysctl.conf 3 Prevent the Ping with advanced settings By default, all Internet Control Message Protocol (ICMP) options are disabled. If the ICMP option is enabled, your network will be visible on the Internet and vulnerable to attack. If you want to enable ICMP, you must log in to the computer as an administrator or a member of the Administrators group, right-click on “My Network Places", select “Properties> in the pop-up shortcut menu that opens the "Network Connection" Connected to the Internet Connection Firewall, open its properties window, and switch to the "Advanced" tab, click on "Settings" below, and the "Advanced Settings" dialog box appears, in "ICMP" On the tab, check the type of request information that you want your computer to respond to. The checkbox next to the table enables this type of request. To disable it, clear the request type.