3. • A ping flood is a denial-of-service attack in which
the attacker attempts to overwhelm a targeted
device with ICMP echo-request packets, causing
the target to become inaccessible to normal traffic.
When the attack traffic comes from multiple
devices, the attack becomes a DDoS or distributed
denial-of-service attack.
What is a Ping (ICMP) flood attack?
4. HOW DOES A PING FLOOD ATTACK WORK?
• The Internet Control Message Protocol (ICMP), which is utilized in a Ping
Flood attack, is an internet layer protocol used by network devices to
communicate. The network diagnostic tools traceroute and ping both
operate using ICMP. Commonly, ICMP echo-request and echo-reply
messages are used to ping a network device for the purpose of diagnosing
the health and connectivity of the device and the connection between the
sender and the device.
• The Ping Flood attack aims to overwhelm the targeted device’s ability to
respond to the high number of requests and/or overload the network
connection with bogus traffic.
5. THE DDOS FORM OF A PING (ICMP) FLOOD CAN BE
BROKEN DOWN INTO 2 REPEATING STEPS:
1. The attacker sends many ICMP echo request
packets to the targeted server using multiple
devices.
2. The targeted server then sends an ICMP echo reply
packet to each requesting device’s IP address as a
response.
6. THE DAMAGING EFFECT OF A PING FLOOD IS DIRECTLY PROPORTIONAL
TO THE NUMBER OF REQUESTS MADE TO THE TARGETED SERVER.
7. HOW IS A PING FLOOD ATTACK MITIGATED?
• Disabling a ping flood is most easily accomplished by disabling the ICMP
functionality of the targeted router, computer or other device. A network
administrator can access the administrative interface of the device and
disable its ability to send and receive any requests using the ICMP,
effectively eliminating both the processing of the request and the Echo
Reply. The consequence of this is that all network activities that involve
ICMP are disabled, making the device unresponsive to ping requests,
traceroute requests, and other network activities.
8. HOW DOES CLOUDFLARE MITIGATE PING FLOOD
ATTACKS?
• Cloudflare mitigates this type of attack in part by standing
between the targeted origin server and the Ping flood. When
each ping request is made, Cloudflare handles the processing
and response process of the ICMP echo request and reply on
our network edge. This strategy takes the resource cost of both
bandwidth and processing power off the targeted server and
places it on Cloudflare’sAnycast network.
9. WHAT IS A PING OF DEATH ATTACK?
• A Ping of Death attack is a denial-of-service (DoS) attack, in
which the attacker aims to disrupt a targeted machine by
sending a packet larger than the maximum allowable size,
causing the target machine to freeze or crash. The original
Ping of Death attack is less common today. A related attack
known as an ICMP flood attack is more prevalent.
10. PREVENTING PING OF DEATH ATTACKS
• Firewalls should be used as a general security best practice, as they have the ability
to block requests coming from unauthorized sources (including attackers).
• Using a reputable, up-to-date antivirus or anti-malware can help deal with any
malicious code that could be injected into the system as a result of a Ping of Death
attack.
• Disabling the ICMP functionality of a router can be a solution.
• Trusted VPN services also offer Denial of Service and distributed denial of service
protection. Since the user’s IP address is masked by the VPN, it also becomes virtually
impossible to carry out Ping of Death on them.
