Threat Encyclopedia

icmp_flood

description-logoDescription

This indicates the rate of ICMP packet to an IP address is above specified threshold level.
This indicate possible ICMP flood attack that is usually accomplished by broadcasting a large mass of ICMP echo request packets. During the attack, spoofed IP packets containing ICMP echo request with a source address equal to that of the target system and a broadcast destination address are sent to the intermediate netowrk. Sending an ICMP echo request to a broadcast address triggers all hosts included in the network to respond with an ICMP echo reply packet, thus creating a large mass of packets which are routed to the spoofed address of the target system. The target system is then slowed down or even crashed by the flooding packets.

affected-products-logoAffected Products

Any unprotected system that is connected to the Internet

Impact logoImpact

Denial of Service

recomended-action-logoRecommended Actions

Block the abnormal traffic using FortiGate.

Telemetry logoTelemetry