cancel
Showing results for 
Search instead for 
Did you mean: 

ICMP Flood Detected

adagio
Grafter
Posts: 196
Registered: ‎03-04-2008

ICMP Flood Detected

Can anyone tell me what this means please?
Internet Domain: lo0-plusnet.thn-ag3.plus.net
Internet Address: 195.166.128.80
                                                  Today                                      This Week
Total Attacks Blocked                  6                                                    6

High Risk                                    6                                                    6
ICMP Flood Detected                    6                                                    6

Angry
3 REPLIES
pierre_pierre
Grafter
Posts: 19,757
Registered: ‎30-07-2007

Re: ICMP Flood Detected

From Google
ICMP FLOODS -- these floods are initiated when a user sends a huge series of data packets that directly attacks your winsock (or other dialer). The ICMP sends a series of ping packets directly to your dialer (bypassing your client program) and keeps it busy so that it isn't able to reply to server ping activity requests. The result is that the server thinks you've left and your connection eventually times out and disconnects.
You will notice abundant activity in your modem lights if someone is ICMP-flooding you. If you use a winsock dialer that has IP tracing capability enabled, your winsock will display a log of the actual ICMP flood. A shareware program called netXray is available for use in Win95 that can do the same thing (and more). Other packet sniffers are also available. For more info on using firewalls, join #ICMP or ask your service provider for information for configuring your clients to connect to a firewall on the ISP's server.
techguy
Grafter
Posts: 2,540
Registered: ‎12-09-2008

Re: ICMP Flood Detected

Might I suggest the use of the Plusnet firewall which can be enabled in your member centre.
adagio
Grafter
Posts: 196
Registered: ‎03-04-2008

Re: ICMP Flood Detected

Thanks for the responses. Sorry to have been so long in replying. The issue has not caused me a problem. The router firewall seems to have dealt with it ok but has reported it to me. I was curious to know the cause. Why does the source appear to be within Plusnet's domain?