2

How can we measure the efficiency of a flood technique? Will it be by the number of bots required for flooding the link? In the case of UDP and ICMP, which one would be more efficient and why?

hatellla

3 Answers

4

The main goal of the UDP flood attack is to flood random (or specific) ports on a remote host. A UDP flood attack can be initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the distant host will check for the application listening at that port, see that no application listens at that port, and reply with an ICMP Destination Unreachable packet. Thus, for a large number of UDP packets, the targeted system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The attacker may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, effectively anonymizing the attacker's location on the network. This process consumes target resources, which can ultimately lead to inaccessibility. This could also be used against specific applications.

Another variation is the UDP Fragmentation Flood. The activity generated by this attack resembles valid traffic. This version of the UDP Flood attack sends larger yet fragmented packets to exhaust more bandwidth by sending fewer fragmented UDP packets. When the targeted server tries to put these unrelated and forged fragmented UDP packets together, it will fail to do so, eventually having its resources exhausted, resulting in a possible crash/reboot.

ICMP Flood is similar in principle to the UDP flood attack: an ICMP flood overwhelms the target resource with ICMP Echo Request (ping) packets, generally sending packets as fast as possible without waiting for replies. This type of attack can consume both outgoing and incoming bandwidth, since the victim’s servers will often attempt to respond with ICMP Echo Reply packets, resulting in a significant overall system slowdown.

Overmind
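
A defender's view of the two floods described in the answer above, as an added example that is not part of the original answer: it counts, per one-second window, the ICMP port-unreachable replies a protected host emits and the Echo Requests it receives. The log format, addresses, threshold and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

HOST = "203.0.113.10"  # protected host (documentation address, constructed)

def parse(line):
    """Parse 'ts src dst proto k=v ...' into a dict (constructed log format)."""
    ts, src, dst, proto, *kv = line.split()
    rec = {"ts": float(ts), "src": src, "dst": dst, "proto": proto}
    rec.update((k, int(v)) for k, v in (p.split("=") for p in kv))
    return rec

def detect(lines, host=HOST, window=1.0, threshold=100):
    """Return {window_index: [alert labels]} for one protected host."""
    stats = defaultdict(lambda: {"unreach": 0, "echo": 0, "ports": set()})
    for rec in map(parse, lines):
        s = stats[int(rec["ts"] // window)]
        if rec["proto"] == "UDP" and rec["dst"] == host:
            s["ports"].add(rec["dport"])
        elif rec["proto"] == "ICMP":
            # type 3 / code 3 = Destination Unreachable (port unreachable),
            # the reply the host sends for UDP to a port with no listener
            if rec["src"] == host and (rec["type"], rec["code"]) == (3, 3):
                s["unreach"] += 1
            elif rec["dst"] == host and rec["type"] == 8:  # Echo Request
                s["echo"] += 1
    alerts = {}
    for w, s in sorted(stats.items()):
        found = []
        if s["unreach"] >= threshold and len(s["ports"]) >= threshold:
            found.append("udp-flood-closed-ports")
        if s["echo"] >= threshold:
            found.append("icmp-echo-flood")
        if found:
            alerts[w] = found
    return alerts

def sample_log():
    """Constructed records: window 0 normal, 1 UDP flood, 2 ICMP flood."""
    log = ["0.10 192.0.2.5 203.0.113.10 UDP dport=53",
           "0.20 192.0.2.6 203.0.113.10 ICMP type=8 code=0"]
    for i in range(150):  # many distinct closed ports, each answered by ICMP
        t, peer = 1 + i / 200, f"198.51.100.{i % 250 + 1}"
        log.append(f"{t:.4f} {peer} {HOST} UDP dport={20000 + i}")
        log.append(f"{t:.4f} {HOST} {peer} ICMP type=3 code=3")
    for i in range(120):  # echo requests arriving faster than any normal ping
        log.append(f"{2 + i / 200:.4f} 198.51.100.77 {HOST} ICMP type=8 code=0")
    return log

if __name__ == "__main__":
    print(detect(sample_log()))
```

On hosts that rate-limit outgoing ICMP errors, the port-unreachable count undershoots the inbound UDP volume, so the distinct-port count becomes the more reliable of the two signals.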
0

The efficiency of a flood technique probably depends a lot on the protocol used. UDP packets may vary in size compared with ICMP; however, the correct metric is probably whether the service that you want to flood is interrupted. Some services, for example DNS, will need different flood metrics than a SIP service. So it is difficult to compare, because basically they are two different types of attack.

camp0
    Additionally, a UDP flood may attempt to overwhelm an application, whereas ICMP is handled by the kernel. – forest Feb 22 '18 at 08:36
0

ICMP (ping) floods are more damaging because they are slower and generate lower traffic than UDP flood attacks, and the server will try to respond to ICMP requests more often than UDP requests. But in terms of how fast the server goes down, UDP, HTTP, TCP and LDAP are more effective for an instant downing of the server.

peterh
joe
    Welcome to Security SE! I suggest writing more about the reasons. I think UDP requests typically use more resources on the target, which makes UDP flooding look more effective. – peterh Mar 19 '19 at 16:06