What is a ICMP Flood, Ping Flood, Smurf Attack?

An ICMP request requires the server to process the request and respond, so it takes CPU resources. Attacks on the ICMP protocol, including smurf attacks, ICMP floods, and ping floods take advantage of this by inundating the server with ICMP requests without waiting for the response. This attack seeks to overwhelm the server's ability to respond, thereby blocking valid requests.

Since ICMP packets should be rare in a normal traffic situation, F5 BIG-IP Local Traffic Manager (LTM) and BIG-IP Advanced Firewall Manager (AFM) are able to mitigate ICMP floods by limiting the rate of all ICMP traffic, and then dropping all ICMP packets above this limit. BIG-IP LTM and BIG-IP AFM provide the ability to set a limit on the maximum number of ICMP packets to prevent the server from ever getting flooded.