An ICMP flood, often called a ping flood, is a Layer 3 (network) attack vector, one of the volumetric classes a thorough DDoS test is built to exercise. The attacker sends a high rate of ICMP echo-request packets (or other ICMP types) to the target, forcing it to process each one and, for echo requests, generate an echo-reply. At scale this consumes both inbound link capacity and CPU on the responding host, and spoofed source addresses make per-source blocking ineffective.
Why it matters in DDoS testing
ICMP floods are simple but still expose real gaps: many environments leave ICMP unrated at the edge, so a flood saturates the pipe before any application control sees it. Testing measures the rate at which the link or the kernel softirq budget saturates, and confirms that edge rate-limiting or ICMP filtering engages cleanly. Validating that under controlled load is the point of DDoS resilience testing.