Home > CAPEC List > CAPEC-487: ICMP Flood (Version 2.9)  

CAPEC-487: ICMP Flood

ICMP Flood
Definition in a New Window Definition in a New Window
Attack Pattern ID: 487
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. A typical attack involves a victim server receiving ICMP packets at a high rate from a wide range of source addresses. Additionally, due to the session-less nature of the ICMP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.

+ Attack Prerequisites
  • This type of an attack requires the ability to generate a large amount of ICMP traffic to send to the target server.

+ Solutions and Mitigations

To mitigate this type of an attack, an organization can enable ingress filtering. Additionally modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks.

+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015