
ICMP

Hello Experts,

 

How does giving extensive pings to the targeted server cause bandwidth reduction? I read about this under denial-of-service attacks.

 

Explain the mechanism based on this. I know there will be an ICMP message that shows the destination is unreachable in this case.

 

Regards,

Sathish


Parvesh Paliwal
Level 3
Dear Sathish,
A ping flood is a denial-of-service attack in which the attacker attempts to overwhelm a targeted device with ICMP echo-request packets. ICMP echo-request and echo-reply messages are used to ping a network device for the purpose of diagnosing the health and connectivity of the device and the connection between the sender and the device.

An ICMP request requires some server resources to process each request and to send a response. The request also requires bandwidth on both the incoming message (echo-request) and outgoing response (echo-reply). The Ping Flood attack aims to overwhelm the targeted device’s ability to respond to the high number of requests and/or overload the network connection with bogus traffic. By having many devices in a botnet target the same internet property or infrastructure component with ICMP requests, the attack traffic is increased substantially, potentially resulting in a disruption of normal network activity.

Hope it helps.

Ref: https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/

Joseph W. Doherty
Hall of Fame
"How by giving extensive ping to the targeted server cause bandwidth reduction."

Yes indeed, in fact it's possible to fill the link to a host with nothing but ping requests. Of course, this can also be done with any kind of traffic directed to a host. As Parvesh notes, though, the host may try to reply to each ping request, which demands processing resources on the host and can also possibly fill the host's egress bandwidth too.

Besides targeting one host, a ping request might be addressed to the local network prefix or as a full broadcast. Then one ping request hits all the hosts. Further, the return address might also be forged to be the local network prefix or a full broadcast. Then each host's reply is sent to every other host. The latter allows a low-bandwidth ping request stream to possibly overwhelm the local network segment.
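
A defender's view of the two replies above, as an added example that is not part of the original thread: it measures what fraction of a link ICMP echo requests occupy per destination, and flags echo requests addressed to a broadcast address. The record layout, the 10 Mbit/s link and the 50% threshold are assumptions, and the sample packets are constructed.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type 8 = echo request, type 0 = echo reply

def flood_candidates(packets, link_bps, window=1.0, threshold=0.5):
    """Return {dst: peak fraction of link_bps taken by echo requests in any
    one window} for destinations whose peak is at or above threshold."""
    bits = defaultdict(int)  # (dst, window index) -> bits of echo request
    for ts, src, dst, icmp_type, length in packets:
        if icmp_type == ECHO_REQUEST:
            bits[(dst, int(ts // window))] += length * 8
    peak = defaultdict(float)
    for (dst, _), b in bits.items():
        peak[dst] = max(peak[dst], b / window / link_bps)
    return {d: u for d, u in peak.items() if u >= threshold}

def broadcast_echo(packets, prefix):
    """Return (ts, src, dst, forged) for echo requests sent to the prefix's
    broadcast address or to 255.255.255.255. forged is True when the source
    is itself a broadcast address, so every reply reaches every host."""
    net = ipaddress.ip_network(prefix)
    bcast = {net.broadcast_address, ipaddress.ip_address("255.255.255.255")}
    hits = []
    for ts, src, dst, icmp_type, _ in packets:
        if icmp_type == ECHO_REQUEST and ipaddress.ip_address(dst) in bcast:
            hits.append((ts, src, dst, ipaddress.ip_address(src) in bcast))
    return hits

# Constructed records: (timestamp s, source, destination, ICMP type, bytes).
# Addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE = (
    # 1000 echo requests of 1000 bytes inside one second to a single host
    [(i / 1000, "198.51.100.7", "192.0.2.10", 8, 1000) for i in range(1000)]
    + [
        (0.0, "198.51.100.9", "192.0.2.20", 8, 84),   # ordinary ping
        (0.5, "192.0.2.20", "198.51.100.9", 0, 84),   # its echo reply
        (1.0, "198.51.100.9", "192.0.2.20", 8, 84),
        (2.5, "192.0.2.255", "192.0.2.255", 8, 84),   # broadcast, forged source
        (3.0, "192.0.2.33", "192.0.2.255", 8, 84),    # broadcast, real source
    ]
)

if __name__ == "__main__":
    print(flood_candidates(SAMPLE, link_bps=10_000_000))
    print(broadcast_echo(SAMPLE, "192.0.2.0/24"))
```
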