icmp_flood
Description
This indicates the rate of ICMP packet to an IP address is above specified threshold level.
This indicate possible ICMP flood attack that is usually accomplished by broadcasting a large mass of ICMP echo request packets. During the attack, spoofed IP packets containing ICMP echo request with a source address equal to that of the target system and a broadcast destination address are sent to the intermediate netowrk. Sending an ICMP echo request to a broadcast address triggers all hosts included in the network to respond with an ICMP echo reply packet, thus creating a large mass of packets which are routed to the spoofed address of the target system. The target system is then slowed down or even crashed by the flooding packets.
Affected Products
Any unprotected system that is connected to the Internet
Impact
Denial of Service
Recommended Actions
Block the abnormal traffic using FortiGate.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |