diff --git a/ice-server/src/IceServer.cpp b/ice-server/src/IceServer.cpp
index 1de9a4bb58..a452ad8296 100644
--- a/ice-server/src/IceServer.cpp
+++ b/ice-server/src/IceServer.cpp
@@ -52,7 +52,6 @@ IceServer::IceServer(int argc, char* argv[]) :
     QTimer* inactivePeerTimer = new QTimer(this);
     connect(inactivePeerTimer, &QTimer::timeout, this, &IceServer::clearInactivePeers);
     inactivePeerTimer->start(CLEAR_INACTIVE_PEERS_INTERVAL_MSECS);
-
 }
 
 bool IceServer::packetVersionMatch(const udt::Packet& packet) {
@@ -80,6 +79,10 @@ void IceServer::processPacket(std::unique_ptr<udt::Packet> packet) {
             if (peer) {
                 // so that we can send packets to the heartbeating peer when we need, we need to activate a socket now
                 peer->activateMatchingOrNewSymmetricSocket(nlPacket->getSenderSockAddr());
+            } else {
+                // we couldn't verify this peer - respond back to them so they know they may need to perform keypair re-generation
+                static auto deniedPacket = NLPacket::create(PacketType::ICEServerHeartbeatDenied);
+                _serverSocket.writePacket(*deniedPacket, packet->getSenderSockAddr());
             }
         } else if (nlPacket->getType() == PacketType::ICEServerQuery) {
             QDataStream heartbeatStream(nlPacket.get());
diff --git a/libraries/networking/src/udt/PacketHeaders.cpp b/libraries/networking/src/udt/PacketHeaders.cpp
index 8a4c2ec34f..01bccdfdba 100644
--- a/libraries/networking/src/udt/PacketHeaders.cpp
+++ b/libraries/networking/src/udt/PacketHeaders.cpp
@@ -30,7 +30,7 @@ const QSet<PacketType> NON_SOURCED_PACKETS = QSet<PacketType>()
     << PacketType::DomainServerAddedNode << PacketType::DomainServerConnectionToken
     << PacketType::DomainSettingsRequest << PacketType::DomainSettings
     << PacketType::ICEServerPeerInformation << PacketType::ICEServerQuery << PacketType::ICEServerHeartbeat
-    << PacketType::ICEPing << PacketType::ICEPingReply
+    << PacketType::ICEPing << PacketType::ICEPingReply << PacketType::ICEServerHeartbeatDenied
     << PacketType::AssignmentClientStatus << PacketType::StopNode
     << PacketType::DomainServerRemovedNode;
 
diff --git a/libraries/networking/src/udt/PacketHeaders.h b/libraries/networking/src/udt/PacketHeaders.h
index af3fd49710..ca04b9cae4 100644
--- a/libraries/networking/src/udt/PacketHeaders.h
+++ b/libraries/networking/src/udt/PacketHeaders.h
@@ -90,7 +90,8 @@ public:
         DomainServerRemovedNode,
         MessagesData,
         MessagesSubscribe,
-        MessagesUnsubscribe
+        MessagesUnsubscribe,
+        ICEServerHeartbeatDenied
     };
 };