ICMP Flooding

Hello everyone,

For those of you immersed in the realms of consulting, freelancing, or cybersecurity, you've likely encountered scenarios where ports or services are inaccessible for conducting penetration tests. In such situations, a viable alternative is to assess the availability of the ping service. If ping functionality is present, leveraging ICMP attacks becomes a feasible option due to the association of ping with the ICMP protocol.

In this demonstration, our target platform is https://www.hackthissite.org/, renowned for providing a secure and legitimate environment for hackers to hone their ethical hacking skills through challenges, CTFs, and more.

Given that ping service is enabled on this platform, we can explore ICMP attacks. Among the various ICMP attacks, one prevalent type involves inundating the target with ICMP echo-requests, constituting a Denial-of-Service (DoS) assault termed an Internet Control Message Protocol (ICMP) flood DDoS attack or Ping flood attack.

What exactly is a ping/ICMP flood attack? Essentially, attackers endeavor to overwhelm a specific device by bombarding it with ICMP echo-requests. Normally, ICMP echo-request and echo-reply messages are utilized to ascertain the connectivity, health, and integrity of the network connection between sender and recipient. However, in an ICMP flood attack, the sheer volume of request packets inundates the target, compelling it to respond with an equivalent number of reply packets. Consequently, the target becomes inaccessible to legitimate traffic.

Here's a glimpse into executing an ICMP flooding attack using Kali Linux, leveraging the hping3 tool:

Execute the following command:

Optionally, you can open another terminal window and attempt to ping the target to verify the ongoing ping communication.

Alternatively, you may employ Wireshark to analyze the attack's traffic patterns.

By scrutinizing the Wireshark data below, you'll gain insight into the structure and impact of the attack.

Thank you for your attention, and here's to happy hacking endeavors for all!