Version: 7.2

ICMP Flood

ICMP Flood Attack

Identifying ICMP (Internet Control Message Protocol) flood attacks is a critical aspect of maintaining network security and stability. An ICMP flood, commonly known as a Ping flood, is a type of Denial-of-Service (DoS) attack in which the attacker overwhelms the target with ICMP echo-request (ping) packets. This can saturate the network's bandwidth and disrupt the normal functioning of the target system, leading to slowdowns or complete unavailability of services. ICMP floods can be particularly disruptive because they abuse a protocol that legitimate network diagnostics depend on, so the traffic cannot simply be blocked outright and detection must separate a flood from normal ICMP use. Quick identification of these attacks is crucial for minimizing their impact, preserving network resources, and ensuring continuous service availability.

ElastiFlow provides a collection of anomaly detection jobs designed to identify ICMP flood attacks. The jobs cover several targeted strategies for monitoring network traffic and recognizing the signs of an ICMP flood, varying by data schema, attack vector (direct or distributed) and traffic perspective, as listed under Downloads below.

Attributes

| Attribute                  | Information                        |
|----------------------------|------------------------------------|
| Analysis Type              | population                         |
| MITRE ATT&CK Technique     | Network Denial of Service (T1498)  |
| MITRE ATT&CK Sub-Technique | Direct Network Flood (T1498.001)   |
| MITRE ATT&CK Tactic        | Impact (TA0040)                    |

Downloads

| Schema | Vector      | Perspective | Link                                           |
|--------|-------------|-------------|------------------------------------------------|
| CODEX  | direct      | edge        | elastiflow_codex_netsec_icmp_flood_direct_edge |
| CODEX  | direct      | inbound     | elastiflow_codex_netsec_icmp_flood_direct_in   |
| CODEX  | direct      | outbound    | elastiflow_codex_netsec_icmp_flood_direct_out  |
| CODEX  | direct      | private     | elastiflow_codex_netsec_icmp_flood_direct_priv |
| CODEX  | distributed | edge        | elastiflow_codex_netsec_icmp_flood_ddos_edge   |
| CODEX  | distributed | inbound     | elastiflow_codex_netsec_icmp_flood_ddos_in     |
| CODEX  | distributed | outbound    | elastiflow_codex_netsec_icmp_flood_ddos_out    |
| CODEX  | distributed | private     | elastiflow_codex_netsec_icmp_flood_ddos_priv   |
| ECS    | direct      | edge        | elastiflow_ecs_netsec_icmp_flood_direct_edge   |
| ECS    | direct      | inbound     | elastiflow_ecs_netsec_icmp_flood_direct_in     |
| ECS    | direct      | outbound    | elastiflow_ecs_netsec_icmp_flood_direct_out    |
| ECS    | direct      | private     | elastiflow_ecs_netsec_icmp_flood_direct_priv   |
| ECS    | distributed | edge        | elastiflow_ecs_netsec_icmp_flood_ddos_edge     |
| ECS    | distributed | inbound     | elastiflow_ecs_netsec_icmp_flood_ddos_in       |
| ECS    | distributed | outbound    | elastiflow_ecs_netsec_icmp_flood_ddos_out      |
| ECS    | distributed | private     | elastiflow_ecs_netsec_icmp_flood_ddos_priv     |

By deploying this suite of anomaly detection jobs, network administrators can quickly detect the onset of ICMP flood attacks, enabling them to take timely actions such as filtering ICMP traffic, reconfiguring firewalls, or engaging with their ISP for mitigation. Prompt detection and response to ICMP flood attacks are key to maintaining the resilience and reliability of network infrastructures in the face of such disruptive cyber threats.
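As an added illustration (not ElastiFlow's job logic and not code from this page), the following Python sketch shows the population-style reasoning behind the direct and distributed vectors listed above: it aggregates ICMP packets per destination from constructed flow records, flags destinations whose count is a robust outlier against the rest of the population, and labels each hit as direct or distributed by how many sources contribute. Field names, thresholds and the sample records are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records for one 60-second window (not real ElastiFlow
# output; field names are assumed). Ten hosts see ordinary ICMP levels, one TCP
# flow is included to show protocol filtering, and two hosts are being flooded.
FLOWS = [
    {"src": f"10.0.0.{i}", "dst": f"203.0.113.{i}", "proto": "icmp", "packets": 20 + i}
    for i in range(10, 20)
] + [
    {"src": "10.0.0.9", "dst": "203.0.113.99", "proto": "tcp", "packets": 9000},
    # One source hammering one host: the "direct" vector.
    {"src": "198.51.100.4", "dst": "203.0.113.20", "proto": "icmp", "packets": 60000},
] + [
    # Forty sources each contributing to one host: the "distributed" vector.
    {"src": f"198.51.100.{i}", "dst": "203.0.113.30", "proto": "icmp", "packets": 1500}
    for i in range(10, 50)
]

def icmp_profile(flows):
    """Aggregate ICMP packet count and distinct source count per destination."""
    packets = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        if f["proto"] != "icmp":
            continue
        packets[f["dst"]] += f["packets"]
        sources[f["dst"]].add(f["src"])
    return {dst: (packets[dst], len(sources[dst])) for dst in packets}

def detect_icmp_floods(flows, k=10.0, distributed_min_sources=10):
    """Population analysis: score each destination's ICMP packet count against the
    population median and MAD (both robust to the outliers themselves) and flag
    those more than k scaled deviations above it; a flagged destination is
    labelled 'distributed' when many sources contribute, otherwise 'direct'."""
    profile = icmp_profile(flows)
    counts = [pkts for pkts, _ in profile.values()]
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1.0  # guard against a zero scale
    alerts = {}
    for dst, (pkts, n_src) in profile.items():
        score = (pkts - med) / mad
        if score > k:
            vector = "distributed" if n_src >= distributed_min_sources else "direct"
            alerts[dst] = {"packets": pkts, "sources": n_src,
                           "score": round(score, 1), "vector": vector}
    return alerts

if __name__ == "__main__":
    for dst, a in detect_icmp_floods(FLOWS).items():
        print(f"{dst}: {a['vector']} ICMP flood, {a['packets']} packets from {a['sources']} source(s)")
```

A real deployment would take the per-destination counts from the flow collector for each perspective (edge, inbound, outbound, private) rather than from an inline list, and the thresholds would be tuned to the observed baseline.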