ICMP Flood

yukı edited this page Aug 24, 2023 · 2 revisions

Introduction:

ICMP (Internet Control Message Protocol) flood attacks and Ping of Death (PoD) attacks are two forms of Denial of Service (DoS) attacks that exploit vulnerabilities in the ICMP protocol to disrupt victim servers or networks. ICMP flood attacks involve overwhelming the victim with a flood of ICMP packets, while PoD attacks exploit flaws in the handling of ICMP or IP packets to crash or freeze the targeted system. In this comprehensive text, we will delve into the details of ICMP flood and PoD attacks, discuss their implications, and highlight the impact they can have on targeted systems and networks.

Understanding ICMP Flood Attacks:

ICMP flood attacks involve flooding the victim's network with an excessive amount of ICMP packets. ICMP is primarily used for diagnostic and error reporting purposes in IP networks. Attackers can leverage the stateless nature of ICMP and the availability of amplification techniques to generate a flood of ICMP Echo Request (ping) packets. This flood overwhelms the victim's network resources, consumes bandwidth, and hinders the system's ability to handle legitimate traffic.

ICMP flood attacks can lead to a denial of service by flooding the victim's network with ICMP packets, disrupting the normal operation of network services and causing performance degradation or unavailability.

Understanding Ping of Death (PoD) Attacks:

Ping of Death (PoD) attacks exploit vulnerabilities in the ICMP or IP protocols to crash or freeze the targeted system. These attacks involve sending maliciously crafted ICMP or IP packets with abnormally large payloads that exceed the maximum size allowed by the protocol specifications. When the targeted system receives these oversized packets, it may experience buffer overflows, memory corruption, or system crashes, leading to a complete loss of functionality or unresponsiveness.

Implications of ICMP Flood and PoD Attacks:

ICMP flood and PoD attacks can have significant consequences for targeted systems and networks, including:

  • Denial of Service (DoS): Both ICMP flood attacks and PoD attacks can cause a denial of service by overwhelming the victim's network or crashing the targeted system. This disrupts critical services, resulting in financial losses, customer dissatisfaction, and reputational damage.

  • Resource Exhaustion: ICMP flood attacks consume substantial network resources, including bandwidth, processing power, and memory. The flood of ICMP packets consumes these resources, leading to performance degradation, system instability, or crashes. Similarly, PoD attacks exploit vulnerabilities to exhaust system resources and cause service disruptions.

  • Disruption of Network Connectivity: ICMP flood attacks and PoD attacks can disrupt network connectivity by saturating network links, causing congestion, and preventing the proper functioning of network services. Users may experience delays, packet loss, or inability to establish connections.

  • System Vulnerabilities: ICMP flood attacks and PoD attacks highlight vulnerabilities in network protocols and systems. These attacks expose flaws in the implementation of ICMP or IP protocols, requiring system administrators to address these vulnerabilities through software patches, configuration updates, or security enhancements.

How the script deals with this:

  • Rate-limit (all ICMP)
  • Length-limit (ICMP type 8)

We also block some ICMP types to improve security and protect against:

  • ICMP Redirect Attack
  • ICMP Timestamping
  • Other ICMP attacks
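The three controls above (a rate limit on all ICMP, a length limit on type 8 Echo Requests, and a block list for Redirect and Timestamp messages) can be expressed as one small decision function. The following is an added illustration written for this page, not the project's own script: it parses a raw IPv4/ICMP packet, applies the block list and length limit first, and then passes the remaining ICMP through a token bucket. The policy values (5 packets/s with a burst of 10, an 84-byte cap for Echo Requests) and the constructed sample packets are assumptions chosen for the demonstration, not settings taken from the script.

```python
import struct

# Assumed policy values (not from the wiki page); tune them to match the real script.
ICMP_RATE_PER_SEC = 5          # steady-state ICMP packets per second allowed
ICMP_BURST = 10                # token-bucket capacity (short bursts tolerated)
ECHO_REQUEST_MAX_LEN = 84      # bytes of IP packet allowed for type 8 (a default ping is 84)
BLOCKED_TYPES = {5: "redirect", 13: "timestamp request", 14: "timestamp reply"}


def parse_icmp(packet: bytes):
    """Return (icmp_type, packet_length) for an IPv4 packet carrying ICMP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                      # protocol field: 1 = ICMP
    if proto != 1 or len(packet) < ihl + 8:
        return None
    return packet[ihl], len(packet)        # first ICMP byte is the type


class IcmpFilter:
    """Apply block list, Echo Request length cap, then a token-bucket rate limit."""

    def __init__(self, rate=ICMP_RATE_PER_SEC, burst=ICMP_BURST):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def decide(self, packet: bytes, now: float) -> str:
        parsed = parse_icmp(packet)
        if parsed is None:
            return "accept"                # not ICMP: outside this policy
        icmp_type, length = parsed
        if icmp_type in BLOCKED_TYPES:     # Redirect / Timestamp: never accepted
            return "drop:blocked-type"
        if icmp_type == 8 and length > ECHO_REQUEST_MAX_LEN:
            return "drop:oversized-echo"   # length limit applies to type 8 only
        # Token bucket shared by all remaining ICMP traffic.
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return "accept"
        return "drop:rate-limit"


def build_packet(icmp_type: int, payload_len: int, proto: int = 1) -> bytes:
    """Construct a minimal IPv4 packet with an ICMP header (checksums left zero; offline use)."""
    total = 20 + 8 + payload_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # constructed addresses
    icmp_hdr = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return ip_hdr + icmp_hdr + b"\x00" * payload_len


def run_sample():
    """Feed constructed traffic through the filter and return the verdict list."""
    f = IcmpFilter()
    t = 1000.0
    verdicts = []
    # 12 normal-sized pings in 0.11 s: the burst of 10 passes, the rest are rate-limited.
    for i in range(12):
        verdicts.append(f.decide(build_packet(8, 56), t + i * 0.01))
    verdicts.append(f.decide(build_packet(8, 1500), t + 1.0))   # oversized Echo Request
    verdicts.append(f.decide(build_packet(5, 8), t + 1.0))      # ICMP Redirect
    verdicts.append(f.decide(build_packet(13, 12), t + 1.0))    # ICMP Timestamp request
    verdicts.append(f.decide(build_packet(0, 56, proto=6), t + 1.0))  # TCP: not ICMP, untouched
    return verdicts


if __name__ == "__main__":
    for v in run_sample():
        print(v)
```

The ordering matters for the defender: a blocked or oversized packet is dropped before it spends a token, so a flood of Timestamp or oversized Echo packets cannot push legitimate pings over the rate limit.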