Intrusion Prevention

icmp_flood

Description

This indicates the rate of ICMP packet to an IP address is above specified threshold level.
This indicate possible ICMP flood attack that is usually accomplished by broadcasting a large mass of ICMP echo request packets. During the attack, spoofed IP packets containing ICMP echo request with a source address equal to that of the target system and a broadcast destination address are sent to the intermediate netowrk. Sending an ICMP echo request to a broadcast address triggers all hosts included in the network to respond with an ICMP echo reply packet, thus creating a large mass of packets which are routed to the spoofed address of the target system. The target system is then slowed down or even crashed by the flooding packets.

Affected Products

Any unprotected system that is connected to the Internet

Impact

Denial of Service

Recommended Actions

Block the abnormal traffic using FortiGate.