Resources Banner

Glossary - I

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 

ICMP Flood

A victim server receives spoofed ICMP packets at a very high packet rate and with a very large source IP range. The victim server is overwhelmed by the large number of incoming ICMP packets. The attack consumes network resources and available bandwidth, exhausting the network until it shuts down. A full communication handshake is not used in the ICMP software stack to exchange data, making ICMP-based attacks difficult to detect. ICMP floods can overwhelm a network with packets containing randomized or fixed Source IP addresses. ICMP floods can target a specific server by using the victim’s information as the Destination port and IP within the packets.

 

ICMP Fragmentation

A victim server receives spoofed, large fragmented ICMP packets (1500 byte) at a high incoming packet rate and these packets cannot be reassembled. The large packet size expands the bandwidth of an ICMP attack. In addition, it causes the victim CPU to waste resources when it attempts to reassemble useless packets. This attack will often cause victim servers to overload and reboot.