Understanding ICMP Flood Attacks

An ICMP flood typically occurs when ICMP echo requests overload the victim with so many requests that the victim expends all its resources responding until it can no longer process valid network traffic.

When enabling the ICMP flood protection feature, you can set a threshold that, once exceeded, invokes the ICMP flood attack protection feature. (The default threshold value is 1000 packets per second.) If the threshold is exceeded, Junos OS ignores further ICMP echo requests for the remainder of that second plus the next second as well. See Figure 79.