ICMP Flood
ICMP Flood Attack
Identifying ICMP (Internet Control Message Protocol) flood attacks is a critical aspect of maintaining network security and stability. An ICMP flood, commonly known as a ping flood, is a Denial-of-Service (DoS) attack in which the attacker overwhelms the target with ICMP echo-request (ping) packets, often from many spoofed or compromised sources. Every request consumes inbound bandwidth, and because the target answers each one with an echo reply, it also consumes outbound bandwidth and CPU; at sufficient volume this slows the target's network path and services or makes them completely unavailable. ICMP floods are awkward to mitigate because the protocol carries essential diagnostics (ping, traceroute, path-MTU discovery) and so cannot simply be blocked outright, and because a flood is ordinary ping traffic at an abnormal rate rather than a malformed packet that a signature could match. Quick identification of these attacks is therefore crucial for minimizing their impact, preserving network resources, and keeping services available.
ElastiFlow provides a collection of anomaly detection jobs designed to identify ICMP flood attacks. Each job applies a targeted strategy for monitoring network traffic and recognizing the signs of an ICMP flood.
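The example below is added here to show the core idea behind a population-style ICMP flood detector; it is not ElastiFlow's job definition, query, or field schema. It aggregates echo-request packets per destination per time window from constructed flow records (the field names ts/src/dst/proto/icmp_type/packets are an assumption for this example), then scores each destination against all other destinations in the same window with a robust z-score, so a flooded host stands out against its peers while the replies it sends and unrelated TCP traffic are ignored.

```python
from collections import defaultdict
from statistics import median

ICMP = 1               # IP protocol number for ICMP
ICMP_ECHO_REPLY = 0    # ICMP type 0
ICMP_ECHO_REQUEST = 8  # ICMP type 8 (ping)


def build_sample_flows():
    """Constructed sample flow records (not real ElastiFlow output).

    The field names ts/src/dst/proto/icmp_type/packets are an assumption made for
    this example; a real exporter's schema will differ. ts is seconds since the
    capture started.
    """
    flows = []
    # Baseline: in two consecutive 60 s windows, eight hosts ping eight peers a few times each
    for ts in (0, 60):
        for i in range(1, 9):
            flows.append({"ts": ts + i, "src": f"10.0.0.{i}", "dst": f"10.0.1.{i}",
                          "proto": ICMP, "icmp_type": ICMP_ECHO_REQUEST, "packets": 3 + i % 3})
            # the replies are ICMP too, but not echo requests, so the detector ignores them
            flows.append({"ts": ts + i, "src": f"10.0.1.{i}", "dst": f"10.0.0.{i}",
                          "proto": ICMP, "icmp_type": ICMP_ECHO_REPLY, "packets": 3 + i % 3})
    # Flood: in the first window, 25 sources each send 400 echo requests to one victim
    for j in range(25):
        flows.append({"ts": 5 + j, "src": f"192.0.2.{j + 1}", "dst": "198.51.100.20",
                      "proto": ICMP, "icmp_type": ICMP_ECHO_REQUEST, "packets": 400})
    # A large TCP flow to the same victim, ignored because it is not ICMP
    flows.append({"ts": 10, "src": "10.0.0.1", "dst": "198.51.100.20",
                  "proto": 6, "icmp_type": None, "packets": 5000})
    return flows


def aggregate_echo_requests(flows, window=60):
    """Sum echo-request packets and count distinct sources per (window, destination)."""
    agg = defaultdict(lambda: {"packets": 0, "sources": set()})
    for f in flows:
        if f["proto"] != ICMP or f["icmp_type"] != ICMP_ECHO_REQUEST:
            continue
        bucket = (f["ts"] // window) * window
        entry = agg[(bucket, f["dst"])]
        entry["packets"] += f["packets"]
        entry["sources"].add(f["src"])
    return agg


def flag_outliers(agg, k=5.0, min_packets=1000):
    """Population analysis: within each window, score every destination against its peers.

    The score is a robust z-score, (x - median) / MAD, so one flooded host cannot drag
    the baseline up the way a mean would. min_packets is an absolute floor that stops a
    handful of extra pings in a small, quiet population from being flagged.
    """
    by_window = defaultdict(dict)
    for (bucket, dst), entry in agg.items():
        by_window[bucket][dst] = entry
    alerts = []
    for bucket in sorted(by_window):
        per_dst = by_window[bucket]
        values = [e["packets"] for e in per_dst.values()]
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # guard: all peers identical
        for dst, e in per_dst.items():
            score = (e["packets"] - med) / mad
            if score > k and e["packets"] >= min_packets:
                alerts.append({"window": bucket, "dst": dst, "packets": e["packets"],
                               "sources": len(e["sources"]), "score": round(score, 1)})
    return alerts


def detect_icmp_floods(flows, window=60, k=5.0, min_packets=1000):
    """Run both stages and return the flagged (window, destination) pairs."""
    return flag_outliers(aggregate_echo_requests(flows, window), k, min_packets)


if __name__ == "__main__":
    for a in detect_icmp_floods(build_sample_flows()):
        print(f"window={a['window']:>4}s dst={a['dst']} echo-requests={a['packets']} "
              f"distinct sources={a['sources']} robust z={a['score']}")
```

Only the victim in the first window is flagged: roughly 10,000 echo requests from 25 distinct sources against a peer median of 4 packets, while the second window, where every host behaves like its neighbours, produces no alert. The distinct-source count is carried into the alert because it is what distinguishes a distributed flood from a single misbehaving monitor, and it is the first thing an operator needs when deciding between a firewall rule and a call to the ISP.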
Attributes
| Attribute | Information |
|---|---|
| Analysis Type | population |
| MITRE ATT&CK Technique | Network Denial of Service (T1498) |
| MITRE ATT&CK Sub-Technique | Direct Network Flood (T1498.001) |
| MITRE ATT&CK Tactic | Impact (TA0040) |
By deploying this suite of anomaly detection jobs, network administrators can detect the onset of an ICMP flood quickly and take timely action, such as rate-limiting or filtering ICMP traffic, reconfiguring firewalls, or engaging their ISP for upstream mitigation. Prompt detection and response to ICMP flood attacks are key to maintaining the resilience and reliability of network infrastructure in the face of such disruptive threats.