ICMP Flood attack

DrJohnZoidberg

Noticed just now that our office pfSense box was blocking a crapload of traffic. Checked the firewall logs and noticed hundreds of ICMP requests. I don't allow ICMP pings to the network, so they would have just been rejected, but a ton of the IPs were being blocked totally anyway by pfBlocker.

Glad to see pfBlocker works so well:

[Image: Screenshot 2014-05-22 11.02.54.png]


I'm not such a network guru so is there anything else I should be concerned about?
 
Nah. Usually they're trying to DDoS your box with ICMP pings.

If it gets any worse, let your ISP know so that they can block the offending IPs on their equipment.
 
ICMP flood attacks are useless; they usually get throttled somewhere. A real hacker will use a botnet doing a DNS reflection attack on UDP. UDP is the best way to flood.

Besides, it is actually a bad thing to block ICMP. ICMP is used to diagnose problems. With IPv6 in fact, if you block it, you will lose connectivity, as it is used to configure the protocol as well.
 
Hundreds or thousands of ICMP packets are not a flood. It is normal network activity.
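The count-versus-rate distinction raised in the thread, as an added example that is not part of any post: it measures the peak per-source ICMP packet rate in a sliding window instead of the total count. The log line layout (`timestamp source proto`), the function names and the 100 packets-per-second threshold are assumptions for illustration, not pfSense's log format or a recommended limit.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_log():
    """Constructed sample entries (documentation address ranges)."""
    base = datetime(2014, 5, 22, 11, 0, 0)
    # 1,200 packets in total, but only one per second for 20 minutes.
    lines = [f"{(base + timedelta(seconds=s)).isoformat()} 192.0.2.50 icmp"
             for s in range(1200)]
    # 600 packets in total, squeezed into two consecutive seconds.
    lines += [f"{(base + timedelta(seconds=174 + i // 300)).isoformat()} 203.0.113.9 icmp"
              for i in range(600)]
    # Non-ICMP entry that must be ignored.
    lines.append(f"{base.isoformat()} 198.51.100.7 udp")
    return lines


def peak_rates(lines, window_s=1):
    """Return {source: most ICMP packets seen inside any window_s-second span}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)
    for line in sorted(lines):    # ISO timestamps sort chronologically
        ts_text, src, proto = line.split()
        if proto != "icmp":
            continue
        ts = datetime.fromisoformat(ts_text)
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)


def flood_sources(lines, threshold_pps=100):
    """Sources whose peak one-second rate reaches the (assumed) threshold."""
    return sorted(s for s, r in peak_rates(lines).items() if r >= threshold_pps)


if __name__ == "__main__":
    for src, rate in sorted(peak_rates(sample_log()).items()):
        print(f"{src}: peak {rate} ICMP packets/s")
    print("flagged:", flood_sources(sample_log()))
```

The source with the larger total (192.0.2.50) is not flagged, while the short burst from 203.0.113.9 is.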
 