
DDoS attack/ping flooding: Explanation and Solution


What is a DDoS attack/ping flooding attack?

A DDoS attack or ping flooding attack basically consists of sending large, continuous ICMP (Internet Control Message Protocol) echo packets to a target host and waiting for the ICMP reply messages. This floods the target host with large data segments, and if the ICMP service is not disabled on the target host, it will send the ICMP echo reply messages (that's what an attacker wants to accomplish).

The attack uses the following variation of the ping command:

ping -t -l [buffer_size] "target_ipaddress"

The options:

-t : send ICMP echo messages repeatedly.

-l [buffer_size] : the size of the packet to be sent (from 0 to 65500).

target_ipaddress : the address of the host you want to ping.

You can always stop the ping command, like any other command, by pressing the Ctrl+C combination (on Windows), which kills the process.

The attack is more effective when a group of 10-20 people ping the same IP address together.


For example:

ping -l 34567 -t 202.63.160.186

The output will look like the following image:
















The solution:

If you are a server admin, you probably know about this issue and have probably solved it by now, but many admins of Counter-Strike or other online game servers don't know the cure for it.

The cure is very simple: disable the ICMP service on the WAN interface of your modem/router. The router will then silently ignore ICMP echo requests.

Follow these steps to disable the ICMP service on the WAN interface of the router/modem:


  • Open your web browser and go to the default gateway's configuration page (by default http://192.168.1.1/index.html, http://192.168.1.1/main.html or 192.168.1.1), then enter the username and password (by default admin/admin or admin/password).

  • Find the management section of the configuration page, then the access control configuration page, and finally the services configuration page (don't worry if you cannot follow this exact sequence; the important thing is that you find the services configuration page).

  • Uncheck the ICMP service and save the changes. You might have to reboot the modem afterwards, so reboot it. Any ping request to your modem's WAN interface will now be warded off (and Counter-Strike admins will be able to run their servers with no lag from this attack). (Refer to the following snapshot of my modem page, which is a Beetel 220BX.)
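
To check whether a server is receiving the traffic described above, the sketch below (an added example, not part of the original post) totals ICMP echo-request bytes per source over a sliding window and flags sources that exceed a threshold. The packet records, the documentation-range addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them to the link being protected.
WINDOW_S = 5          # sliding-window length in seconds
MAX_BYTES = 100_000   # echo-request bytes one source may send per window
MIN_SOURCES = 3       # flagged sources that suggest a coordinated flood
ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type numbers


def sample_capture():
    """Constructed records: (timestamp_s, source_ip, icmp_type, payload_bytes)."""
    pkts = []
    for t in range(10):
        for host in range(1, 5):
            # Four senders using the 34567-byte payload from the page's example.
            pkts.append((t, f"198.51.100.{host}", ECHO_REQUEST, 34567))
            # The unprotected target answers each one (192.0.2.10 is made up).
            pkts.append((t, "192.0.2.10", ECHO_REPLY, 34567))
        pkts.append((t, "203.0.113.9", ECHO_REQUEST, 32))  # ordinary small ping
    return pkts


def detect_ping_flood(packets, window_s=WINDOW_S, max_bytes=MAX_BYTES):
    """Return {source_ip: peak echo-request bytes per window} for sources over max_bytes."""
    recent = defaultdict(deque)   # source -> (timestamp, size) pairs still in the window
    totals = defaultdict(int)     # source -> bytes currently in the window
    peaks = {}
    for ts, src, icmp_type, size in sorted(packets):
        if icmp_type != ECHO_REQUEST:   # replies and other ICMP types are not the flood
            continue
        recent[src].append((ts, size))
        totals[src] += size
        while recent[src][0][0] <= ts - window_s:   # drop packets that aged out
            totals[src] -= recent[src].popleft()[1]
        if totals[src] > max_bytes:
            peaks[src] = max(peaks.get(src, 0), totals[src])
    return peaks


def is_coordinated(peaks, min_sources=MIN_SOURCES):
    """True when several sources exceed the threshold, as in a group flood."""
    return len(peaks) >= min_sources


if __name__ == "__main__":
    flagged = detect_ping_flood(sample_capture())
    for src, peak in sorted(flagged.items()):
        print(f"{src}: {peak} echo-request bytes in {WINDOW_S}s")
    print("coordinated flood suspected:", is_coordinated(flagged))
```

Disabling ICMP on the WAN interface stops the replies, but the requests still arrive on the link, so a counter like this remains useful afterwards.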


















Note: If you have any issues, do post your comments.