Introduction

A Denial of Service (DoS) attack prevents legitimate users from reaching a website or server by overwhelming it with bogus traffic. There are many variants of such attacks; one of the simplest is the Ping Flood, also called an ICMP Flood attack.

  1. What is a Ping Flood?
  2. Attack Description
  3. Methods of mitigation

1) What is a Ping Flood?

Like any other denial of service attack, a ping flood or ICMP flood prevents users from reaching an endpoint by flooding it with ICMP echo requests, commonly called pings. In its basic form it involves a single source on the internet sending directly to the target (ICMP is connectionless, so no connection is set up). The attacker floods the victim with echo request packets, and the victim's network stack answers each one with an echo reply, so it has to process and transmit as many packets as it receives.

This request-reply cycle keeps the network link and the victim's processing busy for the entire duration of the ICMP attack, consuming bandwidth and CPU that would otherwise serve legitimate users, which results in a denial of service.

2) Attack Description

Normally, a ping tests the connectivity between two hosts by measuring the round-trip time between an ICMP echo request and its corresponding echo reply. The sender transmits a request packet, and the target acknowledges it by returning a reply to the sender. During an attack, requests are sent continuously, which overwhelms the target and the network so that legitimate requests are delayed or go unanswered.

The attacker must know the IP address of the target to execute a ping flood. Based on the target and how its IP address is obtained, attacks can be categorized as below.

  • A targeted local disclosed ICMP flood attacks a single computer on a local network. To discover the target's IP address, the attacker needs access to the local network or to the machine itself. Such an attack knocks the target off the local network.
      
  • A router disclosed ICMP flood targets a router to disrupt connectivity for the computers behind it. For this type of ping flood, the attacker needs to know the internal IP address of the router. All computers that depend on that router lose connectivity after a successful attack.
      
  • A blind ping flood uses an external program to discover the IP address of the target device before the attack is executed.

A successful ping flood sends ICMP echo requests as fast as possible without waiting for replies. The attack works best when the attacker has more bandwidth than the victim. Since a single-source ping flood is limited by the attacker's own uplink, it is not very effective against a large, well-provisioned network; attackers compensate by sending from many hosts at once (a distributed denial of service), which is the form usually seen in practice.
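To make the request-reply mechanism concrete, the following Python example (added for this article, not code from the page's author) builds an ICMP echo request and the echo reply a target's stack returns for it, using the RFC 792 header layout (type, code, checksum, identifier, sequence number) and the RFC 1071 one's-complement checksum. Nothing is sent on the wire; the identifier, sequence numbers and payloads are made-up values, and the function names (`build_echo`, `reply_to`, `flood_requests`) are this example's own.

```python
import struct

# ICMP message types used by ping (RFC 792)
ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
ICMP_HEADER = "!BBHHH"   # type, code, checksum, identifier, sequence number


def icmp_checksum(data: bytes) -> int:
    """One's-complement checksum (RFC 1071) over the ICMP header and payload.

    Computed with the checksum field zeroed when building a packet; when
    recomputed over a received packet that includes its checksum it yields
    0 if the packet is intact.
    """
    if len(data) % 2:            # pad odd-length data with a zero byte
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request (type 8) or echo reply (type 0) message."""
    header = struct.pack(ICMP_HEADER, icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack(ICMP_HEADER, icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header and verify the checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than its 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack(ICMP_HEADER, packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum": csum,
        "id": ident,
        "seq": seq,
        "payload": packet[8:],
        "checksum_ok": icmp_checksum(packet) == 0,
    }


def reply_to(request: bytes) -> bytes:
    """What the target's stack does for every echo request it receives:
    parse it, verify it, and return the same identifier, sequence number
    and payload with the type changed to echo reply and a fresh checksum.
    This is the work a flood forces the victim to repeat for every packet."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST or req["code"] != 0:
        raise ValueError("not an echo request")
    if not req["checksum_ok"]:
        raise ValueError("corrupt echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def flood_requests(count: int, ident: int, payload: bytes):
    """Attacker side: emit `count` requests with increasing sequence numbers
    without ever waiting for a reply (the defining behaviour of a ping flood)."""
    for seq in range(count):
        yield build_echo(ICMP_ECHO_REQUEST, ident, seq & 0xFFFF, payload)


if __name__ == "__main__":
    # Constructed values; nothing here touches the network.
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"ab")
    reply = reply_to(request)
    print(request.hex(), "->", reply.hex())
    # Every request of N bytes forces an N-byte reply: the victim must
    # receive and transmit as much as the attacker sends.
    victim_bytes = sum(len(r) + len(reply_to(r))
                       for r in flood_requests(1000, 7, b"x" * 56))
    print("victim handled", victim_bytes, "bytes for 1000 requests")
```

The reply is byte-for-byte the request with only the type and checksum changed, which is why the victim's outbound load mirrors the attacker's inbound load; `flood_requests` never consults a reply, which is the "without waiting" behaviour described above.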

3) Methods of mitigation

There are various ways to mitigate a ping flood; the main ones are listed below.

  • A ping flood uses the Internet Control Message Protocol (ICMP), an internet-layer protocol that network devices use to signal errors and test reachability. The simplest way to stop a ping flood is to disable ICMP on the victim device. However, this also breaks everything else that relies on ICMP, such as ping, traceroute (which depends on ICMP time-exceeded messages) and path MTU discovery (which depends on ICMP destination-unreachable messages), so it should be a last resort.
  • Ping floods from outside your network can be blocked by reconfiguring the firewall to drop or rate-limit inbound echo requests. However, attacks launched from inside your network are not stopped by perimeter firewall rules.
  • A more robust mitigation against ICMP floods caps the number of echo requests accepted from each source and the rate at which they are accepted, so that a flooding source is throttled while normal pings and ICMP error messages still get through.
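The following Python example (added here, not code from the page or from any firewall product) models the two policies above on the same constructed traffic: a blunt "drop all ICMP" rule and a per-source token bucket that throttles only echo requests. The traffic, the source addresses (RFC 5737 documentation ranges) and the class and function names (`EchoRateLimiter`, `drop_all_icmp`, `run_policy`, `sample_events`) are this example's own; the rate and burst values are illustrative, not recommendations.

```python
from collections import Counter
from dataclasses import dataclass

# ICMP types (RFC 792) relevant to the trade-off discussed above
ECHO_REQUEST = 8    # what a ping flood sends
DEST_UNREACH = 3    # code 4 carries "fragmentation needed" for path MTU discovery
TIME_EXCEEDED = 11  # what traceroute relies on to map each hop


@dataclass
class Bucket:
    tokens: float
    last: float


class EchoRateLimiter:
    """Per-source token bucket applied only to echo requests.

    Each source may send `burst` requests at once and then `rate_pps`
    per second; other ICMP types are never throttled, so error signalling
    keeps working while a flooding source is throttled.
    """

    def __init__(self, rate_pps: float, burst: int):
        self.rate = float(rate_pps)
        self.burst = float(burst)
        self.buckets = {}   # source address -> Bucket

    def allow(self, t: float, src: str, icmp_type: int) -> bool:
        if icmp_type != ECHO_REQUEST:
            return True
        b = self.buckets.get(src)
        if b is None:
            b = self.buckets[src] = Bucket(tokens=self.burst, last=t)
        # refill proportionally to elapsed time, capped at the burst size
        b.tokens = min(self.burst, b.tokens + (t - b.last) * self.rate)
        b.last = t
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False


def drop_all_icmp(t: float, src: str, icmp_type: int) -> bool:
    """The blunt policy: ICMP disabled entirely on the victim."""
    return False


def run_policy(policy, events):
    """Feed (time, source, icmp_type) events through a policy in time order
    and count allowed and dropped packets per (source, type)."""
    allowed, dropped = Counter(), Counter()
    for t, src, icmp_type in sorted(events, key=lambda e: e[0]):
        (allowed if policy(t, src, icmp_type) else dropped)[(src, icmp_type)] += 1
    return {"allowed": allowed, "dropped": dropped}


def sample_events():
    """Constructed traffic (documentation addresses, not real hosts):
    a flooder bursting 1000 echo requests at t=0 and again at t=2,
    a legitimate monitor pinging once a second, and an upstream router
    sending the ICMP errors that path MTU discovery and traceroute need."""
    events = []
    events += [(0.0, "198.51.100.7", ECHO_REQUEST)] * 1000
    events += [(2.0, "198.51.100.7", ECHO_REQUEST)] * 1000
    events += [(0.5 + i, "192.0.2.10", ECHO_REQUEST) for i in range(10)]
    events += [(3.0, "203.0.113.1", DEST_UNREACH),
               (4.0, "203.0.113.1", TIME_EXCEEDED)]
    return events


if __name__ == "__main__":
    policies = [("rate-limit echo", EchoRateLimiter(rate_pps=5, burst=10).allow),
                ("drop all ICMP", drop_all_icmp)]
    for name, policy in policies:
        result = run_policy(policy, sample_events())
        print(name)
        for key in sorted(set(result["allowed"]) | set(result["dropped"])):
            print(f"  {key}: allowed={result['allowed'][key]} "
                  f"dropped={result['dropped'][key]}")
```

With the token bucket, the flooder gets 10 packets through per burst and the rest are dropped, while the monitor's one ping per second and the router's error messages all pass; with the blunt policy the flood is stopped but so are the messages that path MTU discovery and traceroute depend on. On Linux the same per-source behaviour is obtained with the iptables `hashlimit` match keyed on source address, or with nftables `limit` statements applied to `icmp type echo-request`, rather than dropping ICMP wholesale.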

Conclusion

A ping flood or ICMP flood is a denial-of-service attack that restricts legitimate access to devices on a network. It works by overwhelming the victim device with ICMP echo requests (pings), so that the victim can no longer send its replies in time or serve other traffic. The attack can be launched directly against a single host or against a router, provided the target's IP address is known. Such floods can be mitigated effectively by limiting the size of ping requests and the rate at which they are accepted.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, which will give them an edge in this competitive world.
