ICMP Flooding – Denial of Service

By Aanand babu - SME Vulnerability Assessment
27
Mar
23

Top 5 API Pentest Tools 2023

APIs (Application Programming Interfaces) have become an integral part of modern software development. APIs enable software applications to communicate and share data with each other,…
Read More
23
Mar
23

CISA Alerts on Critical Security Vulnerabilities in Popular VPNs and Routers

The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert on critical security vulnerabilities in popular virtual private networks (VPNs) and routers. The alert…
Read More
22
Mar
23

New Shellbot DDoS Malware Targeting Linux Systems

A new variant of Shellbot malware has been discovered that is targeting Linux-based systems for launching Distributed Denial of Service (DDoS) attacks. The malware, which…
Read More
21
Mar
23

10 Mac OS Malware outbreaks 2023

The MacOS.T-Virus is a new malware that was discovered in 2023. It was first found in a software update for Apple's macOS operating system, which…
Read More
21
Mar
23
Cybersecurity in EdTech

Chinese Hackers Exploit Fortinet Zero-Day Vulnerability: What You Need to Know

In recent news, Chinese hackers have been found exploiting a zero-day vulnerability in Fortinet, a multinational cybersecurity company. This exploit has the potential to allow…
Read More
14
Mar
23

Best Practices for Securing Remote Workers

With more people working from home than ever before, ensuring the security of remote workers and their devices is more important than ever. To secure…
Read More
13
Mar
23

The Role of Endpoint Security in Cybersecurity: A Technical Guide

Endpoint security is a critical component of any cybersecurity program. Endpoints, such as laptops, desktops, and mobile devices, are often the entry point for cyber…
Read More
09
Mar
23

How to Browse the Internet Anonymously with Whonix

Whonix is a free and open-source operating system focused on privacy and security. It is designed to run inside a virtual machine and route all…
Read More
09
Mar
23

The Importance of Vulnerability Management in Cybersecurity: A Technical Guide

In today's digital age, cybersecurity threats are more prevalent than ever. Hackers are constantly looking for vulnerabilities in software, networks, and systems to exploit for…
Read More
08
Mar
23
Architecture Review Company in Kochi, Kerala, India

Protecting Your Business from Cyber Threats: A Comprehensive Guide to Cybersecurity Best Practices

Cybersecurity is a top concern for businesses of all sizes. In this blog post, we'll explore the best practices for protecting your business from cyber…
Read More
07
Mar
23

The Importance of Regular Cybersecurity Risk Assessments for Businesses

Regular cybersecurity risk assessments are essential for businesses to identify and mitigate potential security threats. In this blog post, we'll explore the importance of risk…
Read More
06
Mar
23

The Top Cybersecurity Threats Facing Businesses in 2023

In this blog post, we'll explore the top cybersecurity threats facing businesses in 2023 and provide actionable tips for protecting against these threats. From ransomware…
Read More

What Attack to do when there is no Ports opened on you target ??(ICMP Flooding)

Hi all, most of you will be either working as consultant, freelancer or cyber security enthusiast and most of have had gone through a situation where there is no ports or service is enabled to perform penetration Test in this time you can check for ping service. if ping service is there then we can preform ICMP attacks, since ping is working with ICMP protocol.

Here we will be using the https://www.hackthissite.org/ as our target.

HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more
ping
Here we have the ping service enabled. so we can try ICMP Attacks, Common ICMP attacks are related to DOS, here we are using ICMP flood Attack.

What is ping/ICMP flood attack ?


Attackers frequently attempt to overload a targeted device with ICMP echo-requests in a Denial-of-Service (DoS) assault known as an Internet Control Message Protocol (ICMP) flood DDoS attack, also referred to as a Ping flood attack (pings). A network device is typically pinged using ICMP echo-request and echo-reply messages to check on its connectivity, health, and the connection between the sender and the recipient. The target is overloaded with request packets, forcing the network to respond with an equal amount of reply packets. By doing this, the target is rendered impassable to regular traffic.

How to perform an ICMP Flooding ?


Am using kali linux to launch this attack. On kali we have hping3 which we are will be using to run the attack

1. hping3 --icmp --flood <target>

2.you can open another window and try pinging to the target to see if the ping communication happening flawlessly.
3.Use Wireshark to analyze the packets.
if you look the below wireshark data you can clearly understand the attack structure.
Thanks for reading and Happy Hacking all