2.1.3 Floods

ICMP floods are a type of DoS attack that broadcasts large numbers of IP packets. Ping floods and ping of death attacks are types of ICMP flood attacks.

A ping flood sends a large number of ICMP ping packets to a device. The flood of ping packets overwhelms the device, consuming all its bandwidth. This works best when the attacker’s connection has higher bandwidth than the victim’s connection.

Ping of death attacks were a problem before 1998, when systems fixed the bug that allowed them. In a ping of death, attackers changed the IP portion of the header to indicate that the packet had more data than it really did, which caused some systems to crash. Pings could be sent with up to 65,535 bytes, the maximum size of an IPv4 packet.

A SYN flood attack occurs when too many TCP ports are opened up. The attack ties up the computer or network equipment with so many false requests that services are denied to others. A SYN flood attack disrupts the TCP session initiation process by withholding the third packet of the TCP three-way handshake.
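
As an added example (not part of the original text), the following Python code shows how a defender can detect the withheld third handshake packet described above: it tracks handshakes in constructed packet summaries and counts those left half-open per listening port. The tuple format, the addresses, the timeout and the alert threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

def sample_packets():
    """Constructed (time_s, src, sport, dst, dport, flags) summaries, not captured traffic."""
    pkts = [(0.00, "192.0.2.10", 40000, "198.51.100.5", 443, "S"),   # legitimate client:
            (0.01, "198.51.100.5", 443, "192.0.2.10", 40000, "SA"),  # SYN, SYN-ACK, ACK
            (0.02, "192.0.2.10", 40000, "198.51.100.5", 443, "A")]
    # 200 handshakes in which the third packet (the final ACK) never arrives.
    for i in range(200):
        src = f"203.0.113.{i + 1}"
        t = 0.1 + i * 0.005
        pkts.append((t, src, 1024 + i, "198.51.100.5", 443, "S"))
        pkts.append((t + 0.001, "198.51.100.5", 443, src, 1024 + i, "SA"))
    return sorted(pkts)

def half_open_by_listener(packets, now, timeout=1.0):
    """Count handshakes per (server, port) that received a SYN-ACK but no
    final ACK within `timeout` seconds (the timeout value is an assumption)."""
    pending = {}  # (client, cport, server, sport) -> SYN-ACK time, or None before it
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":
            pending[(src, sport, dst, dport)] = None
        elif flags == "SA":
            key = (dst, dport, src, sport)  # reply travels server -> client
            if key in pending:
                pending[key] = t
        elif flags in ("A", "R"):
            pending.pop((src, sport, dst, dport), None)  # completed or reset
    counts = defaultdict(int)
    for (_, _, server, port), synack_t in pending.items():
        if synack_t is not None and now - synack_t > timeout:
            counts[(server, port)] += 1
    return dict(counts)

def syn_flood_alerts(packets, now, threshold=100):
    """Listeners whose half-open count reaches `threshold` (an assumed value)."""
    return sorted(k for k, n in half_open_by_listener(packets, now).items() if n >= threshold)

if __name__ == "__main__":
    print(syn_flood_alerts(sample_packets(), now=5.0))
```
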

A UDP flood attack sends a large number of UDP packets to random ports, and the target replies with ICMP Destination Unreachable packets.

A nuke was an attack common in the 1990s. A nuke attack repeatedly sent invalid ping packets to a device, slowing it down and eventually causing it to crash.