A ping flood is a simple Denial of service attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. It only succeeds if the attacker has more bandwidth than the victim (for instance an attacker with a T1 line and the victim on a dial-up modem). The attacker hopes that the victim will respond with ICMP Echo Reply packets, thus consuming outgoing bandwidth as well as incoming bandwidth.
Defense:
To reduce the effects of a ping flood, the victim can use a firewall to filter the incoming ICMP Echo Request packets. This would make his computer not answer back with the ICMP Echo Reply packets.
In this case the defender wastes less bandwidth by not answering these packets with outgoing.
It gets more difficult for the attacker to measure the effectiveness of the attack.
The most effective strategy is to filter only large ICMP Echo Request packets.
In this attack note that you cannot trust the source IP address to be the address of which the packets are originating from since it can be spoofed to make it appear coming from another address. Each packet can also be spoofed to contain a random generated address.
