Explain why blocking ping (ICMP echo request) packets at an organization's edge router is not an effective defense against ping

Question

3 years ago

11

Explain why blocking ping (ICMP echo request) packets at an organization's edge router is not an effective defense against ping

flood attacks where the attacker is trying to consume bandwidth. Describe an effective defense against such an attack. Your answer must have enough detail to show that you understand the concept.

Computers and Technology

1 answer:

tresset_1 [31] · Answer 1 · 2021-11-26T20:24:34+03:00

Answer:

The blocking ping is not effective in an organization because it may required ping echo message from some trusted system. the best method will be to do the filtering of incoming echo ICMP messages.

In systems we have ping utility, that is based on ICMP protocol. Its function is to check the end to end connectivity of the system.

In this case a fist all an echo ICMP message is send to the host then host reply with ICMP message. to defend yourself from this flood attack, we need to filter the incoming echo ICMP packet messages. a net filter can be used to achieve it.

The best method be to applied is the firewall having a net filter with limit setting or any intrusion system. In market we have various firewall and intrusion system available to do so.

Explanation:

Solution

Ping Flood Atack:

In this attack the main of the attacker is to saturate the system with ICMP for example (internet control message protocol) traffic. as you have saturated the system, it will have less CPU time to serve others.

Defence against this attack:

In our systems we have ping utility, that is based on ICMP protocol. Its used to check the end to end connectivity of the system. here fist all an echo ICMP message is send to the host then host reply with ICMP message. to defend yourself from this flood attack , we need to filter the incoming echo ICMP packet messages. a Net filter can be used to achieve this.

The best way will be to used the firewall having net filter with limit setting or any intrusion system. In market we have various firewall and intrusion system available to do so.

Blocking ping packets to avoid ping flood attack:

Its not a good approach to block ping packets. because you may required ping echo message from some trusted system. The best option will be to do the filtering of incoming echo ICMP message.