• Skip to main content
  • Skip to primary sidebar

DDoS Blog

Cyber Security News

What is a Ping Flood?

December 23, 2017 By TheNewsTeam

A Ping Flood is an evolved variant of an ICMP Flood in which attackers use PING, a variant ICMP to send highly-spoofed PING (ICMP) echo requests at a high rate and from  large range of random source IPs, or as if they are the IP address of the victim. They can quickly overwhelm a target server because they try to process every individual ICMP request and respond with an equal number of reply packets, and this can lead to denial-of-service. A PING Flood is application specific. PING Floods are particularly intense forms of ICMP Floods because they test the network latency.

PING requests test the connectivity of two computers by measuring the time from when an ICMP echo request is sent to when an echo reply is received. During a DDoS attack, however, PING requests are used instead to overload a target network with data packets.

PING floods require knowledge of the IP address of the target. Attacks can be broken down into three categories, depending on what the target is and how its IP address is resolved:

(i) A targeted local disclosed ping flood – this involves the targeting of a single computer on a network to take it down. An attacker needs physical access to a computer to discover its IP address.

(ii) A router disclosed ping flood – This is reliant on an attacker knowing the internal IP address of a local router. It targets routers to disrupt communications between computers on a network, and takes down all the connected computers if successful.

(iii) A blind ping flood – An external program is required to find out the IP address of the computer or router of a target.

This requirement for the knowledge of the IP address of the target limits the capacity of a DDoS attack, particularly against a large network; as does the fact that the attacking computer must have access to greater bandwidth than the victim. A DDoS attack used with a botnet has a far higher potential for sustaining a PING Flood and overwhelming a target’s resources.

The PING requests are usually highly-spoofed and sophisticated in their appearance, making a PING attack difficult to detect by deep packet inspection or other similar techniques.

Filed Under: PING Flood Tagged With: botnet, DDoS, ICMP Flood, IP address, ping flood, PING requests, targeted server

Primary Sidebar

Directory

  • Accidental DDoS
  • Akamai
  • Arbor Cloud
  • Business Rivalry DDoS
  • China Unicom
  • Cloud Computing
  • Cloudflare
  • Corero Network Security
  • DDoS Case Studies
  • DDoS Foundations
  • DDoS History
  • DDoS Landscape
  • DDoS mitigation
  • DDoS Motivation
  • DDoS Protection Services
  • DDoS Scripts
  • DDoS Tools
  • DNS Amplification
  • DNS Flood
  • DoSarrest
  • Extortion DDoS
  • F5 Networks
  • Genie Networks
  • Google
  • Government
  • Hacktivist DDoS
  • HTTP Attack
  • ICMP Flood
  • Imperva Incapsula
  • Infrastructure-related attacks
  • IoT DDoS
  • IP Fragmentation Attack
  • IP Null Attack
  • Kentik
  • LAND attack
  • MemCached DDoS
  • Mitigation Techniques
  • Multi-vector Attack
  • Nation State DDoS
  • Neustar
  • Nexusguard
  • NTP Amplification Attack
  • Null Routing
  • PING Flood
  • Ping of Death
  • Random Recursive GET attack
  • Recursive GET attack
  • Reflection Attack
  • Script Kiddies DDoS
  • Slowloris
  • Slowloris
  • Smokescreen DDoS
  • Specially Crafted DDoS
  • SSL-based DDoS
  • SYN Floods
  • SYN-ACK Flood
  • Types of Attack
  • Types of Mitigation
  • UDP Flood
  • Uncategorized
  • Verisign
  • Verizon
  • XML-DoS
  • Zero-day DDoS Attack
Copyright © 2017 Disclaimer. Privacy Policy
All product names, logos, and brands are property of their respective owners.