ICMP Flood Attack

Identifying ICMP (Internet Control Message Protocol) flood attacks is a critical aspect of maintaining network security and stability. ICMP flood, commonly known as a Ping flood, is a type of Denial-of-Service (DoS) attack where the attacker overwhelms the target with ICMP echo-request (ping) packets. This can saturate the network's bandwidth and disrupt the normal functioning of the target system, leading to slowdowns or complete unavailability of services. ICMP floods can be particularly disruptive as they exploit essential network diagnostic tools, making detection and mitigation challenging. Quick identification of these attacks is crucial for minimizing their impact, preserving network resources, and ensuring continuous service availability.

ElastiFlow provides a collection of anomaly detection jobs designed to identify ICMP flood attacks including several targeted strategies for monitoring network traffic and recognizing signs of an ICMP flood.

Attributes

Attribute	Information
Analysis Type	population
MITRE ATT&CK Technique	Network Denial of Service (T1498)
MITRE ATT&CK Sub-Technique	Direct Network Flood (T1498.001)
MITRE ATT&CK Tactic	Impact (TA0040)

Downloads

Schema	Vector	Perspective	Link
CODEX	direct	edge	elastiflow_codex_netsec_icmp_flood_direct_edge
CODEX	direct	inbound	elastiflow_codex_netsec_icmp_flood_direct_in
CODEX	direct	outbound	elastiflow_codex_netsec_icmp_flood_direct_out
CODEX	direct	private	elastiflow_codex_netsec_icmp_flood_direct_priv
CODEX	distributed	edge	elastiflow_codex_netsec_icmp_flood_ddos_edge
CODEX	distributed	inbound	elastiflow_codex_netsec_icmp_flood_ddos_in
CODEX	distributed	outbound	elastiflow_codex_netsec_icmp_flood_ddos_out
CODEX	distributed	private	elastiflow_codex_netsec_icmp_flood_ddos_priv
ECS	direct	edge	elastiflow_ecs_netsec_icmp_flood_direct_edge
ECS	direct	inbound	elastiflow_ecs_netsec_icmp_flood_direct_in
ECS	direct	outbound	elastiflow_ecs_netsec_icmp_flood_direct_out
ECS	direct	private	elastiflow_ecs_netsec_icmp_flood_direct_priv
ECS	distributed	edge	elastiflow_ecs_netsec_icmp_flood_ddos_edge
ECS	distributed	inbound	elastiflow_ecs_netsec_icmp_flood_ddos_in
ECS	distributed	outbound	elastiflow_ecs_netsec_icmp_flood_ddos_out
ECS	distributed	private	elastiflow_ecs_netsec_icmp_flood_ddos_priv

By deploying this suite of anomaly detection jobs, network administrators can quickly detect the onset of ICMP flood attacks, enabling them to take timely actions such as filtering ICMP traffic, reconfiguring firewalls, or engaging with their ISP for mitigation. Prompt detection and response to ICMP flood attacks are key to maintaining the resilience and reliability of network infrastructures in the face of such disruptive cyber threats.