in Security by (242k points)
Ping flood

1 Answer

by (1.6m points)

Best answer


Ping flood

The ping flood is a type of denial-of-service attack. To give you an idea of what it is, we could compare it to a phone prank: the attacker calls and hangs up over and over again, collapsing the line, so that the service cannot be used and legitimate calls cannot be answered.

Apart from ping flood, other well-known flood attacks such as HTTP flood, SYN flood and UDP flood are used, all with the same objective: to saturate the target system with arbitrary requests until it collapses. The ping flood should not be confused with the so-called ping of death, which blocks the target system directly, without overloading it with data.

Index
  1. What is ping flood?
  2. What is ping flood?
    1. Ping flood attack as denial of service (DoS)
    2. Ping flood attack as distributed denial of service (DDoS)
  3. Protective measures against ping flood attacks
    1. Configure the system to improve security
    2. Use a cloud-based service to mitigate DDoS
    3. Protect the system with special hardware

What is ping flood?

The ping flood is a cyberattack that can be directed against various Internet-connected systems such as servers, routers or the home computers of private users.

In technical terms, ping flood is based on the Internet Control Message Protocol (ICMP). This protocol and the related "ping" command are commonly used to carry out network tests. Through ping flood, a massive number of ICMP echo request packets is sent to the destination computer. In this way, if the attacker has more bandwidth than the victim, the victim falls off the network.

What is ping flood?

The operation of a ping flood attack is simple:

  1. The attacker sends echo request packets in bulk to the victim's device.
  2. The victim's device responds with echo reply packets.

Every incoming echo request packet uses the victim's bandwidth. As an echo reply packet is also sent for each incoming packet, the data volume of outgoing network traffic is equally high. If the attacker has enough bandwidth, this causes all available network resources on the victim's side to be used. In this way, legitimate network traffic is interrupted or completely lost.

Depending on whether the attack is carried out from a single computer or from a computer network, the ping flood attack will be a DoS or DDoS attack.

The attacker crashes the victim's device by sending massive data packets

Ping flood attack as denial of service (DoS)

In this simpler version of the attack, the attacker (A) sends the echo request packets to the victim (V) from a single device. In order not to reveal his identity, the attacker resorts to spoofing and changes his own IP address. The computer (O) that happens to be reachable at this IP address is bombarded by the resulting echo reply packets. This effect is known as backscatter. In some variants of ping flood, such as the so-called smurf attack, the backscatter is used as a weapon in itself.

To direct the ping flood against the victim, the attacker uses the "ping" command or a modern alternative like the hping tool. The attack begins at the command line: the ping flood is triggered by a command specially designed for it. For security reasons, we can only include a rough sample of the hping code:

  hping --icmp --flood --rand-source -p <Port> <dirección IP>  

Let's see the options:

  • The --icmp option tells the tool to use ICMP as the protocol.
  • The --flood option is very important: according to the documentation for the hping command, it causes packets to be sent as fast as possible. On the other hand, this option causes the victim's echo reply packets to be dropped without being noticed. This way, instead of running "ping" and then waiting for the response to arrive, as with normal use of this command, the response is "fired" as fast as possible.
  • The --rand-source option spoofs the sender's IP address. Thus, instead of the real address, a random IP address is entered.

Ping flood attack as distributed denial of service (DDoS)

To trigger a distributed ping flood, the attacker (A) uses a botnet (B). When the command is executed, the bots controlled by the attacker initiate the ping flood against the victim (V). In this case, since multiple computers are aimed at the same target, much higher bandwidth is available on the attacker's side. Only a very well-protected target is able to counter this attack.

In this situation, the attacker does not send the echo request packets from his own computer, so there is no reason for him to hide his IP address. It is the bots that make the requests from their own address, and the backscatter affects the botnet's zombie computers.

Protective measures against ping flood attacks

There are three main ways to protect against ping flood attacks:

Configure the system to improve security

Probably the easiest way to protect against a ping flood attack is to disable the ICMP functionality of the victim's device. This measure helps immediately once a ping flood has started, but it can also be applied proactively to minimize the attack surface.

Additionally, routers and firewalls can be configured to detect and filter incoming malicious network traffic. The use of load balancing and rate limiting technologies also helps protect against DoS attacks.

Use a cloud-based service to mitigate DDoS

Large providers like Cloudflare have servers available in distributed data centers around the world. If you manage your own website, you can route its traffic through these data centers, which means having much higher bandwidth to absorb DDoS attacks. Additionally, data traffic is filtered through integrated systems such as a firewall, load balancer and rate limiter.

Protect the system with special hardware

The option of protecting the system itself with special hardware is only suitable for large companies. These appliances offer or combine the functionality of a firewall, load balancer and rate limiter to filter or block malicious network traffic.
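The answer mentions rate limiting and filtering on routers and firewalls as the defensive counterpart to the echo-request mechanism it describes. The following is an added example, not code from the answer above or from any product it names: a per-source and global token-bucket limiter for ICMP echo requests, run over constructed packet records. The `Packet` fields, the thresholds and the sample traffic are all assumptions chosen for illustration. It also shows why the `--rand-source` behaviour described earlier matters to a defender: many distinct sources each exceeding their limit at the same time is the signature of a spoofed or distributed flood, not of one noisy host.

```python
"""Per-source rate limiting and flood detection for ICMP echo requests.

Added example; not part of the original answer or of any named product.
Packet fields, thresholds and sample traffic below are assumptions.
"""
from collections import Counter
from dataclasses import dataclass

ICMP_ECHO_REQUEST = 8  # ICMP type 8 = echo request (what "ping" sends)


@dataclass
class Packet:
    ts_ms: int      # arrival time in milliseconds (integers keep the math exact)
    src: str        # source IP address as seen on the wire
    icmp_type: int  # ICMP type field


class TokenBucket:
    """Token bucket kept in millitokens: `rate` tokens/second, capped at `burst`."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate              # tokens per second == millitokens per millisecond
        self.capacity = burst * 1000  # burst size in millitokens
        self.tokens = self.capacity   # start full
        self.last_ms = None

    def allow(self, ts_ms: int) -> bool:
        if self.last_ms is None:
            self.last_ms = ts_ms
        # refill in proportion to elapsed time, never beyond capacity
        self.tokens = min(self.capacity, self.tokens + (ts_ms - self.last_ms) * self.rate)
        self.last_ms = ts_ms
        if self.tokens >= 1000:       # one whole token pays for one packet
            self.tokens -= 1000
            return True
        return False


class EchoRequestLimiter:
    """Limits echo requests per source and in total; reports who exceeded the limit."""

    def __init__(self, src_rate=5, src_burst=10, total_rate=100, total_burst=500,
                 spoof_threshold=20):
        self.src_rate, self.src_burst = src_rate, src_burst
        self.total = TokenBucket(total_rate, total_burst)
        # this many distinct over-limit sources at once suggests --rand-source or a botnet
        self.spoof_threshold = spoof_threshold

    def process(self, packets):
        buckets = {}
        drops = Counter()
        allowed = dropped = passed = 0
        for p in sorted(packets, key=lambda p: p.ts_ms):
            if p.icmp_type != ICMP_ECHO_REQUEST:
                passed += 1           # only echo requests are rate limited here
                continue
            bucket = buckets.get(p.src)
            if bucket is None:
                bucket = buckets[p.src] = TokenBucket(self.src_rate, self.src_burst)
            # a packet must pass its source's bucket and the global bucket
            if bucket.allow(p.ts_ms) and self.total.allow(p.ts_ms):
                allowed += 1
            else:
                dropped += 1
                drops[p.src] += 1
        flooding = sorted(drops)
        return {
            "allowed": allowed,
            "dropped": dropped,
            "passed": passed,
            "flooding_sources": flooding,
            "spoofing_or_ddos_suspected": len(flooding) >= self.spoof_threshold,
        }


# --- constructed sample traffic (not captured data) ---

def legitimate_pings():
    """One host pinging once per second for ten seconds."""
    return [Packet(1000 * i, "10.0.0.5", ICMP_ECHO_REQUEST) for i in range(10)]


def single_source_flood():
    """One source sending 200 echo requests within one second (5 ms apart)."""
    return [Packet(1000 + 5 * i, "198.51.100.7", ICMP_ECHO_REQUEST) for i in range(200)]


def spoofed_flood():
    """30 different (spoofed) sources, each sending 20 echo requests 1 ms apart."""
    return [Packet(2000 + s * 20 + i, f"203.0.113.{s + 1}", ICMP_ECHO_REQUEST)
            for s in range(30) for i in range(20)]


def run(packets):
    """Run a fresh limiter over a packet list and return its summary."""
    return EchoRequestLimiter().process(packets)


if __name__ == "__main__":
    print("legit only     :", run(legitimate_pings()))
    print("single-src DoS :", run(legitimate_pings() + single_source_flood()))
    print("spoofed DDoS   :", run(legitimate_pings() + spoofed_flood()))
```

With the assumed limits (5 requests per second per source, burst of 10), the legitimate host is never dropped in any scenario, the single flooding source keeps only its initial burst plus one packet per 200 ms, and the spoofed flood trips the distinct-source heuristic, which is the cue to move from per-source limiting to upstream filtering or a cloud-based mitigation as the answer describes.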


...