said by tubbynet: said by jjoshua:
I was thinking about ICMP flood.
what about tcp syn flooding? crafted sql, rpc, etc. attacks? a botnet isn't just icmp flooding. that is one fraction of *all* botnet attacks that are out there.
Not to mention, how do you decide what's a ping flood? Repeated pings become a DoS attack when the bandwidth of the target is less than the aggregate bandwidth of the source(s) of the attack. I've had occasion to need to run continuous pings on known endpoints (say, Google) while testing for intermittent connection issues. Even though I may have sent thousands of ICMP packets in a short time, it was not an attack.
Ping floods are generally only effective when they're distributed, and if they're distributed then you can't tell, just by looking at a single source, whether it's an attack.
jjoshua, I suggest you hit the books and learn about networking instead of trying to debate something you don't know much about.
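Added example, not part of the original thread: a short Python sketch of the point made above, comparing a per-source ping-rate rule with a check of aggregate inbound ICMP against the target's bandwidth. All addresses, rates, capacities and the 100 pps threshold are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# A default ping sends a 56-byte payload: 84 bytes as an IPv4 packet.
ICMP_ECHO_BITS = 84 * 8

def build_sample():
    """Constructed records: (source, target, echo requests per second)."""
    # One person running a fast continuous ping while testing a connection.
    records = [("192.0.2.10", "198.51.100.1", 1000)]
    # 500 distributed sources, each sending at a rate that looks harmless alone.
    records += [(f"10.0.{i // 250}.{i % 250 + 1}", "203.0.113.5", 20)
                for i in range(500)]
    return records

# Assumed inbound capacity of each target in bits per second (constructed).
CAPACITY_BPS = {"198.51.100.1": 1_000_000_000, "203.0.113.5": 5_000_000}

def flag_by_source(records, pps_limit=100):
    """Naive rule: any single source above pps_limit is labelled an attacker."""
    return {src for src, _dst, pps in records if pps > pps_limit}

def flag_by_target(records, capacity_bps):
    """Aggregate rule: a target is flooded when the summed inbound ICMP
    from all sources exceeds its bandwidth."""
    inbound = defaultdict(int)
    for _src, dst, pps in records:
        inbound[dst] += pps * ICMP_ECHO_BITS
    return {dst for dst, bps in inbound.items() if bps > capacity_bps[dst]}

if __name__ == "__main__":
    recs = build_sample()
    # The per-source rule flags only the tester and none of the 500 sources.
    print("per-source rule flags:", sorted(flag_by_source(recs)))
    # The aggregate rule flags only the target whose link is saturated.
    print("per-target rule flags:", sorted(flag_by_target(recs, CAPACITY_BPS)))
```

The per-source rule produces one false positive and 500 misses on this data, while the aggregate check needs visibility at or near the target rather than at any single sender.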