Saturday, December 28, 2024
Google search engine
HomeData Modelling & AIICMP Flood DDoS Attack

ICMP Flood DDoS Attack

In today’s world, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have become a major threat to present computer networks. DDoS is a kind of attack in which an attacker targets the victim’s network resources such as bandwidth or memory so that the victim may stop responding to a legitimate user’s request. The attackers usually try to consume computational resources, such as bandwidth, processor time, and disk space by overloading or flooding the target system so that it becomes unavailable to the authorized users, or it just crashes.

There are many techniques to overload or flood the network resources of a system and one of the methods is the ICMP Flood attack. In Internet Control Message Protocol (ICMP) Flood, an attacker overpowers the computational resource by sending many  ICMP echo requests or ping packets to take down the targeted network infrastructure so that it becomes inaccessible to normal traffic.

ICMP provides error control, as IP does not have an inbuilt mechanism for sending error and control messages. It is used for reporting errors and management queries. It is a supporting protocol and is used by network devices like routers for sending error messages and operations information.

Description of Attack :

 In this attack, the victim’s network is flooded with ICMP request packets so that it becomes inaccessible to legitimate users while responding with an equal number of reply packets. The tools like “hping” and “scapy” can be used to bring a network target with ICMP request packets. These tools put lots of stress on both the incoming and outgoing channels of the network, consuming significant bandwidth, which results in a denial of service.

ICMP Flood DDoS

 

During the attack, an attacker might also use IP spoofing in order to mask their identity, this makes the tracing of DDoS attacks more difficult. The ICMP requests packets are sent as fast as possible without waiting for responses from the target. 

ICMP Flood:

For the practical demonstration, we are using Kali-Linux (Debian 5.10.13-1kali1) as the attacker machine and our Windows 11 as the target machine. To start the ICMP flood, we need to write the following command :

hping3 --icmp --flood <Target IP Address>

Below is the picture showing the network utilization of the system before the ICMP flood DDoS Attack.

CPU utilization before DDoS

 

Below is the picture showing the attacker machine running  the custom tool hping3 on the terminal :

Running hping3 on terminal

 

Below is the picture showing the network utilization of the system during the ICMP flood DDoS Attack on Windows 11 :

CPU utilization during DDoS

 

Below is the picture showing the network activity on Windows 11 :

Network Activity Windows 11

 

Prevention of ICMP Flood Attacks :

  • By disabling the ICMP functionality of the target system, we can prevent this attack. However, doing this will disable all activities that use ICMP like ping requests, traceroute requests, and other network activities. 
  • It can also be prevented by reconfiguring the firewall to disallow pings. However, the attacks from within the network cannot be mitigated.
  • By limiting the processing rate of incoming ICMP packets, alternatively limiting the allowed size of the ICMP requests.
Whether you’re preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, lazyroar Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we’ve already empowered, and we’re here to do the same for you. Don’t miss out – check it out now!

RELATED ARTICLES

Most Popular

Recent Comments