If an old server can't be patched, and is gonna stay that way for longer than "oh, I remember that vulnerability being announced a week ago", then

   chmod 4500 /sbin/ping
   mv /sbin/ping /sbin/ping_CVE-2022-23093
   

and put a few-lines shell script in /sbin/ping, which spits out a reminder of the vulnerability, and exits non-zero.