DigitalOcean

Report this

What is the reason for this report?
Question

I'm writing a POC-Script to transfer Data via ICMP, looks like DigitalOcean is blocking that?

Posted on December 3, 2025
Droplets
Marco H.

By Marco H.

I’ve set-up a client/server script to transfer Data via ICMP as a Proof of concept. I can PING the Server from the Client, but the Data from the Client does not arrive at the DigitalOcean Server.

I’ve tested my script locally (without a firewall) and also on an alternative Cloud Hosting Provider (there it works).

I’m running: Ubuntu 24.04.3 LTS on the Client and also set-up the Server with this LTS release. The Inbound Firewall is also configured with a permit for my two ISP-Networks.

I know this is a bit special, but does DigitalOcean block such ICMP Packets with it’s Anti-DDoS mechanism or anything else which I can’t see?

Thanks for your feedback.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
December 5, 2025

Hi,

As far as I am aware, DigitalOcean doesn’t block normal ICMP echo traffic, but maybe anything that looks like non-standard payloads, tunneling, or patterns that resemble abuse can get rate limited or dropped by the network edge. I feel like that ICMP is allowed, but it’s probably not guaranteed to behave like a clean data channel.

For POC-style ICMP data transfer, maybe it is expected to break because DigitalOcean’s DDoS protection and edge filtering won’t treat those packets as valid ping traffic. Though I might be wrong.

Probably best to open a ticket with the support team. They can confirm exactly what is being filtered on your Droplet’s route:

https://www.digitalocean.com/support/

0
alexdo
alexdo
December 5, 2025

Heya, @marcohuggenberger

If your Droplet is behind a cloud firewall, you need to add an inbound traffic rule that allows ICMP traffic to reach the Droplet. The ping diagnostic tool uses the ICMP protocol to verify connections. If your cloud firewall doesn’t have an inbound rule for ICMP, it will block any attempts to reach the Droplet with ping.

https://docs.digitalocean.com/support/how-do-i-debug-my-droplets-network-configuration/

Regards

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.