CAPEC-487: ICMP Flood

An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. A typical attack involves a victim server receiving ICMP packets at a high rate from a wide range of source addresses. Additionally, due to the session-less nature of the ICMP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.

Not rated

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

CAPEC-487 (ICMP Flood) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-487: ICMP Flood

Overview

What the attacker needs

Prerequisites

How to mitigate it

Frequently asked questions

What is CAPEC-487?

How do you prevent CAPEC-487?

What weaknesses does CAPEC-487 target?

References

Defend against CAPEC-487

Overview

What the attacker needs

Prerequisites

How to mitigate it

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-487?

How do you prevent CAPEC-487?

What weaknesses does CAPEC-487 target?

References

Defend against CAPEC-487