Ping flood

From Wikipedia, the free encyclopedia

A ping flood is a simple denial-of-service attack in which the attacker overwhelms the victim with ICMP Echo Request (ping) packets. It only succeeds if the attacker has more bandwidth than the victim (for instance, an attacker with a T1 line and a victim on a dial-up modem). The attacker hopes that the victim will respond with ICMP Echo Reply packets, thus consuming the victim's outgoing bandwidth as well as its incoming bandwidth.

Defense

To reduce the effects of a ping flood, a victim can use a firewall to filter incoming ICMP Echo Request packets, either entirely or only when a large number of requests are received at one time. Refusing to send ICMP Echo Reply packets produces two benefits:

  1. Less bandwidth is wasted by not answering these packets.
  2. It is more difficult for the attacker to measure the effectiveness of the attack.

However, such a filter will also prevent legitimate users from measuring latency, which may be undesirable. A compromise solution may be to filter only large ICMP Echo Request packets.

Note that the source IP address cannot be trusted to be the address from which the packets originate, since it can be spoofed to make the packets appear to come from another address. Each packet can also be spoofed to contain a randomly generated address.
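The filtering policies described under Defense (drop every Echo Request, answer only a limited rate, or drop only large requests), as an added Python example that is not part of the original article. The class and function names, the rate, burst and size thresholds, and the traffic are constructed for illustration; the rate limit is kept global rather than per source because, as noted above, source addresses can be spoofed.

```python
import struct

ICMP_ECHO_REQUEST = 8  # ICMP type of a ping request (RFC 792)

class EchoRequestFilter:
    """Decide whether an inbound ICMP message should be answered.

    mode "block": drop every Echo Request.
    mode "limit": answer at most `rate` per second, with bursts up to `burst`.
    max_len: if set, also drop Echo Requests longer than this many bytes.
    The token bucket is global rather than per source address, because the
    source address of a flood packet can be spoofed or randomized.
    """

    def __init__(self, mode="limit", rate=5.0, burst=10, max_len=None):
        self.mode, self.rate, self.burst, self.max_len = mode, rate, burst, max_len
        self.tokens, self.last = float(burst), None

    def allow(self, icmp_msg, now):
        if len(icmp_msg) < 8:
            return False  # shorter than the 8-byte ICMP echo header
        if icmp_msg[0] != ICMP_ECHO_REQUEST:
            return True  # other ICMP types are not filtered here
        if self.mode == "block":
            return False
        if self.max_len is not None and len(icmp_msg) > self.max_len:
            return False  # the "only filter large requests" compromise
        if self.last is not None:  # refill for the time elapsed
            elapsed = now - self.last
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

def echo_request(seq, payload_len):
    """Constructed sample packet; checksum left 0 (the filter does not check it)."""
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, seq) + bytes(payload_len)

def simulate():
    """Constructed traffic: 1000 requests in about one second, then two later pings."""
    f = EchoRequestFilter(mode="limit", rate=5.0, burst=10, max_len=128)
    answered = sum(f.allow(echo_request(i, 56), now=i / 1024) for i in range(1000))
    oversized = f.allow(echo_request(0, 1400), now=5.0)
    normal = f.allow(echo_request(1, 56), now=5.0)
    return answered, oversized, normal

if __name__ == "__main__":
    print(simulate())
```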
