What Is A Ping (ICMP) Flood DDOS Attack?

What Is A Ping (ICMP) Flood Attack?

Internet Control Message Protocol (ICMP) ping requests are used to check connectivity and the health of networking devices.

In a legitimate ICMP ping, the recipient device replies to an ICMP echo request. The response indicates the health of the recipient.

A ping flood attack, commonly called an ICMP flood attack, is a form of DDoS attack in which an attacker overwhelms the recipient device with ICMP echo requests, also known as pings.

How Does A Ping Flood Attack Work?

To execute a ping flood attack, the attacker must know the IP address of the recipient device.

For a successful and sustained ping flood attack, the attacker must have more network bandwidth than the target network. To make it viable to overwhelm a target system, attackers generally use botnets.

In a ping flood attack, the recipient device whose IP address is targeted is flooded with ICMP echo requests. The recipient device is expected to reply to each ICMP echo request.

To make the target device unreachable and unable to respond to legitimate requests, the attacker floods the target device continuously.

How Is A Ping Flood Attack Mitigated?

It is advisable to monitor the ICMP ping requests arriving at a target device. The target network may implement volume and rate limits to prevent a ping flood attack.

Since a ping flood attack requires a valid IP address to target, secure internal networks using firewalls.

When requests peak suddenly, limit the number of ICMP messages and ping requests. Newer approaches block attacks without impacting legitimate traffic by using machine-learning and behavioral-based algorithms to understand what constitutes a legitimate behavior profile and then automatically block malicious attacks.
This increases protection accuracy while minimizing false positives.
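
The monitoring and rate-limiting advice above can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the class name, function name and all thresholds are assumptions chosen for illustration, and the traffic is constructed sample data.

```python
from collections import deque

class IcmpEchoGuard:
    """Monitor and rate-limit ICMP echo requests aimed at one protected host.

    Counts all sources together, because the flood may come from a botnet.
    All thresholds are illustrative assumptions, not recommended values.
    """
    def __init__(self, rate_per_s=5, burst=10, window_ms=1000, alert_count=50):
        self.rate = rate_per_s            # tokens/s == millitokens/ms
        self.cap = burst * 1000           # bucket size in millitokens
        self.tokens = self.cap
        self.window_ms = window_ms
        self.alert_count = alert_count
        self.last_ms = None
        self.recent = deque()             # arrival times inside the window

    def observe(self, ts_ms):
        """Return (accepted, alert) for one echo request arriving at ts_ms."""
        # Monitoring: how many requests arrived in the last window_ms?
        self.recent.append(ts_ms)
        while ts_ms - self.recent[0] >= self.window_ms:
            self.recent.popleft()
        alert = len(self.recent) >= self.alert_count
        # Rate limit: integer token bucket, refilled by elapsed time.
        if self.last_ms is not None:
            refill = (ts_ms - self.last_ms) * self.rate
            self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = ts_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True, alert
        return False, alert

def replay(timestamps_ms, **thresholds):
    """Feed arrival times through a fresh guard and summarise the outcome."""
    guard = IcmpEchoGuard(**thresholds)
    summary = {"accepted": 0, "dropped": 0, "first_alert_ms": None}
    for ts in timestamps_ms:
        accepted, alert = guard.observe(ts)
        summary["accepted" if accepted else "dropped"] += 1
        if alert and summary["first_alert_ms"] is None:
            summary["first_alert_ms"] = ts
    return summary

# Constructed sample traffic (arrival times in milliseconds).
NORMAL = [i * 1000 for i in range(10)]      # one ping per second for 10 s
FLOOD = [10_000 + i for i in range(1000)]   # 1000 pings within one second

if __name__ == "__main__":
    print("normal only :", replay(NORMAL))
    print("with flood  :", replay(NORMAL + FLOOD))
```

Ordinary one-per-second pings pass untouched, while the constructed burst raises the alert after 50 requests in the window and only the bucket's burst plus its refill is answered.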