ICMP flood

ICMP flood (also known as ping flood) is probably the most common denial-of-service attack method. It takes advantage of the Internet Control Message Protocol (ICMP), which is used to exchange system messages and handle errors between computer systems. ICMP is commonly used to determine whether a host is online and responding (the ping command is built into most operating systems for that purpose). To determine whether the server responds, an ICMP echo packet is used. Once the server receives the echo packet, it responds to the IP address that sent the ping.
In an ICMP flood, the attacker sends large, or simply very many, ICMP echo packets or UDP packets to the server. Because of the huge number of packets the server is trying to answer, it cannot respond to other requests, which makes the service unavailable.
ICMP attacks can be regular or distributed. Distributed ICMP floods are especially dangerous, as a whole network of computers is pinging the same service.


How to stop ICMP flood?

Sadly, there are few methods for a victim to fight ICMP floods. Once the attack has started it is very hard to stop, and preventing it is equally hard. However, there are some steps you can take to protect your network.

  1. Block icmp-type 8, thereby blocking all echo requests to your server. This is advisable only during a heavy attack, as it will also block all legitimate ping requests.
  2. Firewalls and packet filtering can help, but probably won't block all the attack packets without making some of your services unavailable.
  3. Use a client bottleneck to reduce the number of malicious requests that reach the designated network/router/server.
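
The bottleneck from step 3, sketched as a per-source token bucket applied only to ICMP type 8. This is an added example, not code from the original article; the rate, burst size, addresses (documentation ranges) and traffic are constructed assumptions.

```python
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type 8, the type named in step 1


class EchoLimiter:
    """Token bucket per source IP, applied to ICMP echo requests only."""

    def __init__(self, rate=1.0, burst=5):
        self.rate, self.burst = rate, burst  # tokens per second, bucket size
        # src -> [tokens, timestamp of last packet]; every bucket starts full
        self.buckets = defaultdict(lambda: [float(burst), 0.0])

    def allow(self, ts, src, icmp_type):
        if icmp_type != ECHO_REQUEST:
            return True  # ICMP error messages (e.g. type 3) are not limited
        bucket = self.buckets[src]
        tokens, last = bucket
        tokens = min(self.burst, tokens + (ts - last) * self.rate)  # refill
        allowed = tokens >= 1.0
        bucket[0] = tokens - 1.0 if allowed else tokens
        bucket[1] = ts
        return allowed


def simulate(packets, limiter):
    """Return {src: [accepted, dropped]} for (ts, src, icmp_type) tuples."""
    stats = defaultdict(lambda: [0, 0])
    for ts, src, icmp_type in sorted(packets):
        stats[src][0 if limiter.allow(ts, src, icmp_type) else 1] += 1
    return dict(stats)


def sample_traffic():
    """Constructed traffic covering 5 seconds (hypothetical hosts)."""
    # A monitoring host pinging once per second
    monitor = [(float(s), "192.0.2.10", ECHO_REQUEST) for s in range(5)]
    # One source sending 1000 echo requests per second
    flood = [(i / 1000.0, "198.51.100.7", ECHO_REQUEST) for i in range(5000)]
    # Destination-unreachable errors that the server still needs to receive
    errors = [(s + 0.5, "203.0.113.5", 3) for s in range(5)]
    return monitor + flood + errors


if __name__ == "__main__":
    results = simulate(sample_traffic(), EchoLimiter())
    for src, (ok, dropped) in results.items():
        print(f"{src}: accepted={ok} dropped={dropped}")
```

A per-source bucket does not bound a distributed flood, since every new source starts with a full burst; an aggregate limit on echo requests is needed for that case.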






1 comment ↓

#1 infodotnet on 08.03.08 at 6:10 pm

We were attacked by someone for an unknown reason in early 2008. Traffic grew to over 8 Mbps and no one could stop it. Gladly, it just disappeared the next day.
