Eliminating Ping Responses from Secret Servers
As an IT professional it is your job to know where every server is on your network. However, just because you know where a server is, doesn’t mean you want all of your end users knowing that. As a matter of fact, occasionally you may not even want an end user knowing a specific server exists. This is very commonplace with things such as RADIUS, encryption, and logging servers.
The first thing someone is going to do when looking for a server is to ping that server. Leveraging the power of the built-in Windows firewall, we can eliminate this functionality. Right-click on the network connection the server is accessed through and click “Properties”. Navigate to the “Advanced” tab and click the “Settings” button. If you then go to the “Advanced” tab of this window you will notice a section with an “ICMP” header. ICMP is the protocol used when a computer initiates a ping. By clicking “Settings” under this heading and unchecking “Allow incoming echo requests” box you can keep your server from responding to any ping requests, basically making it invisible.
Just remember, when you do this it will make everyone in the network unable to ping the computer, including you. This can cause confusion when trying to troubleshoot the server or network connectivity, so make sure you document this change if you decide to implement it.
Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.