Ping flood

From Wikipedia, the free encyclopedia

A ping flood is a simple Denial of service attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. It only succeeds if the attacker has more bandwidth than the victim (for instance an attacker with a T1 line and the victim on a dial-up modem). The attacker hopes that the victim will respond with ICMP Echo Reply packets, thus consuming outgoing bandwidth as well as incoming bandwidth.

[edit] Defense

To reduce the effects of a ping flood, a victim can use a firewall to filter the incoming ICMP Echo Request packets. This allows the computer to refuse sending ICMP Echo Reply packets which produces two benefits.

  1. Less bandwidth is wasted by not answering these packets.
  2. It is more difficult for the attacker to measure the effectiveness of the attack.

However, such a filter will also prevent the measuring of latency from legitimate users which may be undesirable. A compromise solution may be to only filter large ICMP Echo Request packets.

Note that one cannot trust the source IP address to be the address of which the packets are originating from since it can be spoofed to make it appear as if it is coming from another address. Each packet can also be spoofed to contain a randomly generated address.

[edit] See also

In other languages