ICMP Flood Attack
Identifying ICMP (Internet Control Message Protocol) flood attacks is a critical aspect of maintaining network security and stability. ICMP flood, commonly known as a Ping flood, is a type of Denial-of-Service (DoS) attack where the attacker overwhelms the target with ICMP echo-request (ping) packets. This can saturate the network's bandwidth and disrupt the normal functioning of the target system, leading to slowdowns or complete unavailability of services. ICMP floods can be particularly disruptive as they exploit essential network diagnostic tools, making detection and mitigation challenging. Quick identification of these attacks is crucial for minimizing their impact, preserving network resources, and ensuring continuous service availability.
ElastiFlow provides a collection of anomaly detection jobs designed to identify ICMP flood attacks. The collection comprises several targeted strategies for monitoring network traffic and recognizing the signs of an ICMP flood.
Attributes
Analysis Type: population
MITRE ATT&CK Technique
MITRE ATT&CK Sub-Technique
MITRE ATT&CK Tactic
Downloads
CODEX  direct       edge
CODEX  direct       inbound
CODEX  direct       outbound
CODEX  direct       private
CODEX  distributed  edge
CODEX  distributed  inbound
CODEX  distributed  outbound
CODEX  distributed  private
ECS    direct       edge
ECS    direct       inbound
ECS    direct       outbound
ECS    direct       private
ECS    distributed  edge
ECS    distributed  inbound
ECS    distributed  outbound
ECS    distributed  private
By deploying this suite of anomaly detection jobs, network administrators can quickly detect the onset of ICMP flood attacks, enabling them to take timely actions such as filtering ICMP traffic, reconfiguring firewalls, or engaging with their ISP for mitigation. Prompt detection and response to ICMP flood attacks are key to maintaining the resilience and reliability of network infrastructures in the face of such disruptive cyber threats.
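The following is an added illustration of the population-style detection idea described above, not ElastiFlow's own job logic: it sums ICMP echo-request packets per destination from constructed flow records, flags destinations whose volume is an outlier against the population of all destinations (median plus k times the median absolute deviation), and labels an alert "direct" or "distributed" by the number of distinct sources. The record layout, the k and source-count thresholds, and all addresses are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flows: (src_ip, dst_ip, ip_proto, icmp_type, packets).
# ip_proto 1 = ICMP, icmp_type 8 = echo request. Not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 1, 8, 3),
    ("10.0.0.6", "192.0.2.11", 1, 8, 2),
    ("10.0.0.7", "192.0.2.12", 1, 8, 4),
    ("10.0.0.8", "192.0.2.13", 1, 8, 3),
    ("10.0.0.9", "192.0.2.14", 1, 8, 2),
    ("10.0.0.9", "192.0.2.14", 6, None, 500),    # TCP flow, ignored
    ("198.51.100.1", "192.0.2.20", 1, 8, 9000),  # one source: direct flood
    ("203.0.113.1", "192.0.2.30", 1, 8, 1500),   # many sources: distributed
    ("203.0.113.2", "192.0.2.30", 1, 8, 1400),
    ("203.0.113.3", "192.0.2.30", 1, 8, 1600),
    ("203.0.113.4", "192.0.2.30", 1, 8, 1500),
]

def echo_request_counts(flows):
    """Sum echo-request packets and collect distinct sources per destination."""
    packets, sources = defaultdict(int), defaultdict(set)
    for src, dst, proto, icmp_type, pkts in flows:
        if proto == 1 and icmp_type == 8:
            packets[dst] += pkts
            sources[dst].add(src)
    return packets, sources

def detect_icmp_floods(flows, k=10.0, distributed_min_sources=3):
    """Flag destinations whose echo-request volume is an outlier against the
    population of all destinations (median + k * MAD). Label the alert
    'distributed' when enough distinct sources contribute, else 'direct'."""
    packets, sources = echo_request_counts(flows)
    if len(packets) < 3:          # too few destinations for a population baseline
        return {}
    values = list(packets.values())
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0   # avoid a zero MAD
    threshold = med + k * mad
    alerts = {}
    for dst, count in packets.items():
        if count > threshold:
            kind = "distributed" if len(sources[dst]) >= distributed_min_sources else "direct"
            alerts[dst] = (kind, count)
    return alerts

if __name__ == "__main__":
    for dst, (kind, count) in sorted(detect_icmp_floods(SAMPLE_FLOWS).items()):
        print(f"{dst}: {kind} ICMP flood, {count} echo requests")
```

With the sample data the baseline median is 3 packets and the MAD is 1, so only the two flooded destinations exceed the threshold of 13; in production the window and thresholds would be tuned against observed baseline traffic.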