
Minor technical correction, but ping is ICMP rather than UDP.

But I have seen data exfiltration strategies and other communication that uses ping! Nowadays I think it would be nearly impossible for p2p because most firewall default configs will silently drop all ICMP, including pings.




Note that blanket dropping of ICMP will break Path MTU Discovery (PMTUD) so you had better not be tunneling or encapsulating TCP traffic.


Actually, ICMP-based PMTUD is almost dead in IPv4 due to this exact problem (since ICMP isn't a "protected" protocol which is required for IPv4 connectivity); most actual services tend to do the MTU discovery purely using UDP or even using TCP (https://datatracker.ietf.org/doc/html/rfc4821)
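To make the RFC 4821 point concrete, here is an added simulation (not code from the thread, from any real TCP stack, or from the RFC) of classic ICMP-based PMTUD next to a packetization-layer search on a path with a 1400-byte link sitting behind a middlebox that drops ICMP. The path model, the 1400-byte MTU, the 576/1500 search bounds and the 4-byte granularity are all constructed assumptions.

```python
"""Simulated comparison of classic ICMP-based PMTUD with RFC 4821 style
packetization-layer PMTUD on a path whose middlebox drops ICMP.
Added example: the path, its MTU and the probe sizes are constructed
assumptions; nothing here touches a real network."""
from dataclasses import dataclass, field


@dataclass
class SimulatedPath:
    """One narrow link. drops_icmp models a firewall that silently discards
    the ICMP type 3 code 4 (fragmentation needed) messages the router emits."""
    mtu: int
    drops_icmp: bool
    icmp_received: list = field(default_factory=list)

    def send(self, size: int) -> bool:
        """Deliver a DF-marked packet of `size` bytes, or drop it and (maybe)
        return the ICMP error that classic PMTUD depends on."""
        if size <= self.mtu:
            return True
        if not self.drops_icmp:
            self.icmp_received.append(("frag_needed", self.mtu))
        return False


def classic_pmtud(path: SimulatedPath, start: int = 1500):
    """RFC 1191 behaviour: send full-size packets and shrink only when an ICMP
    fragmentation-needed message arrives. No message means no signal at all."""
    size = start
    while not path.send(size):
        if not path.icmp_received:
            return None  # PMTUD black hole: large packets vanish, nothing reports why
        _, next_hop_mtu = path.icmp_received.pop()
        size = next_hop_mtu
    return size


def plpmtud(path: SimulatedPath, low: int = 576, high: int = 1500, granularity: int = 4):
    """RFC 4821 style search. Probes are ordinary transport-layer packets whose
    delivery is confirmed end to end (e.g. by a TCP ACK), so the search needs
    no ICMP: a lost probe lowers the upper bound, a delivered one raises the
    lower bound, until the two are within `granularity` bytes."""
    if path.send(high):
        return high
    if not path.send(low):
        return None  # even the assumed-safe floor does not get through
    while high - low > granularity:
        probe = (low + high) // 2
        if path.send(probe):
            low = probe
        else:
            high = probe
    return low


if __name__ == "__main__":
    blackhole = SimulatedPath(mtu=1400, drops_icmp=True)
    print("classic PMTUD, ICMP dropped :", classic_pmtud(blackhole))
    print("PLPMTUD, ICMP dropped       :", plpmtud(blackhole))
    print("classic PMTUD, ICMP passed  :", classic_pmtud(SimulatedPath(1400, False)))
```

The classic algorithm returns None on the ICMP-dropping path because the only thing it can observe is silence; the probing search still converges to a usable size (1398 here, within the granularity of the real 1400) because the probes' own acknowledgements are the feedback channel.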


That is essentially a reaction to random middleboxes just plainly dropping ICMP traffic. If you want stuff to work you do not want to just drop ICMP. The sane policy is to just pass it through or maybe rate limit it.
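The policy argued for here, and the PMTUD breakage noted a few comments up, as one added example rather than anything from the thread: an ICMPv4 filter that always passes the error types PMTUD and traceroute rely on (type 3 including code 4 fragmentation needed, and type 11), rate-limits echo with a token bucket, and passes everything else. The rate and burst numbers and the choice to drop inbound redirects (type 5) are this example's own; the packets are constructed in memory and the IPv4/ICMP checksums are left at zero because the policy never reads them.

```python
"""Added example of the policy the comment above argues for: do not blanket-drop
ICMP. Pass the error messages that PMTUD and traceroute depend on, rate-limit
echo, and pass the rest. The packets below are constructed in memory; the rate
and burst values, and the decision to drop redirects, are this example's own
choices, not anything from the thread."""
import struct
import time

# ICMPv4 message types (RFC 792)
ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11
FRAG_NEEDED = 4  # code of DEST_UNREACH that carries the next-hop MTU

# Type 3 must pass in full: code 4 (fragmentation needed) is the PMTUD signal,
# and the other codes are how a peer learns a port or host is unreachable.
# Type 11 (time exceeded) is what traceroute is built on.
ALWAYS_ACCEPT = {DEST_UNREACH, TIME_EXCEEDED}
ALWAYS_DROP = {REDIRECT}           # inbound redirects can rewrite our routes
RATE_LIMITED = {ECHO_REQUEST, ECHO_REPLY}


class TokenBucket:
    """Allows `burst` packets at once, then `rate` per second; `clock` is injectable for tests."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens, self.last = float(burst), clock()

    def allow(self) -> bool:
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def parse_icmp(packet: bytes):
    """Return (type, code) of the ICMP message in an IPv4 packet, or None if it
    is not ICMPv4. Checksum verification is deliberately out of scope here."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:
        return None
    return packet[ihl], packet[ihl + 1]


class IcmpPolicy:
    def __init__(self, echo_per_sec: float = 10.0, burst: int = 20, clock=time.monotonic):
        self.echo_bucket = TokenBucket(echo_per_sec, burst, clock)

    def decide(self, packet: bytes) -> str:
        parsed = parse_icmp(packet)
        if parsed is None:
            return "ignore"          # not ICMP: some other rule's business
        icmp_type, _code = parsed
        if icmp_type in ALWAYS_ACCEPT:
            return "accept"
        if icmp_type in ALWAYS_DROP:
            return "drop"
        if icmp_type in RATE_LIMITED:
            return "accept" if self.echo_bucket.allow() else "drop"
        return "accept"              # everything else passes, as the comment suggests


def ipv4_icmp(icmp_type: int, code: int, proto: int = 1) -> bytes:
    """Constructed test packet: minimal 20-byte IPv4 header plus an 8-byte ICMP
    header, both checksum fields left at zero (this policy never reads them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + struct.pack("!BBHHH", icmp_type, code, 0, 0, 0)


if __name__ == "__main__":
    policy = IcmpPolicy(echo_per_sec=10.0, burst=5)
    print("frag needed :", policy.decide(ipv4_icmp(DEST_UNREACH, FRAG_NEEDED)))
    print("redirect    :", policy.decide(ipv4_icmp(REDIRECT, 1)))
    print("echo x6     :", [policy.decide(ipv4_icmp(ECHO_REQUEST, 0)) for _ in range(6)])
```

The same reasoning applies with more force on IPv6, where ICMPv6 Packet Too Big (type 2) and Neighbor Discovery are mandatory for the protocol to function at all; RFC 4890 is the filtering guidance there.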


Nod, I remember it not being as effective/easy to hide as exfiltration over UDP/DNS too, as there was always less background noise to hide in. That said, I found this with a quick search - https://github.com/utoni/ptunnel-ng for those who still want to do it. A number of hotels and captive portals still let pings through relatively unmolested even if they play tricks with UDP/TCP.

Any significant data over ICMP will always stick out though if anyone is doing analysis. Which isn’t often, frankly, in situations like I described, but…
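For the ping-based exfiltration discussed above and the point that significant data over ICMP sticks out under analysis, one added example (not the thread's and not ptunnel-ng's code): the tunnel side chunks data into ICMP echo request payloads with correct checksums and reassembles them by sequence number, and the analyst side summarises a stream of echo requests by payload size, total volume and how many packets look like a stock ping. Everything is built in memory and nothing is sent; the 512-byte chunk size, the sample data, the 4096-byte budget and the approximation of the default Linux ping payload are this example's assumptions.

```python
"""Added example, not from the thread and not ptunnel-ng's code: how a ping
tunnel carries data in ICMP echo request payloads, and the stream-level
features that make it stand out when someone looks. All packets are built
in memory; nothing is sent. The chunk size, the sample data and the
detection thresholds are this example's assumptions."""
import math
import struct
from collections import Counter

ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; verifies to 0 on a valid packet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo request (type 8, code 0) with a correct checksum."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes):
    """Return (type, code, ident, seq, payload); reject a corrupted packet."""
    if len(packet) < 8 or icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum or truncated packet")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type, code, ident, seq, packet[8:]


# --- tunnel side: data goes out as echo payloads, seq gives the order ---
def exfil_packets(ident: int, data: bytes, chunk: int = 512) -> list:
    """One echo request per chunk; the 16-bit seq field caps one ident at
    65536 chunks, so a real tunnel has to roll ident or seq."""
    return [build_echo(ident, seq, data[i:i + chunk])
            for seq, i in enumerate(range(0, len(data), chunk))]


def reassemble(packets) -> bytes:
    parts = {}
    for p in packets:
        icmp_type, _, _, seq, payload = parse_echo(p)
        if icmp_type == ECHO_REQUEST:
            parts[seq] = payload
    return b"".join(parts[s] for s in sorted(parts))


# --- analyst side: what a stream of echo requests looks like in aggregate ---
def stock_ping_payload(seq: int) -> bytes:
    """Approximates the default Linux iputils ping payload (assumption): a
    timestamp, then filler where each byte equals its offset, 56 bytes total."""
    return struct.pack("!QQ", 1_700_000_000 + seq, seq * 1000) + bytes(range(16, 56))


def looks_like_stock_ping(payload: bytes) -> bool:
    return len(payload) == 56 and payload[16:] == bytes(range(16, 56))


def entropy_bits(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def assess_echo_stream(packets, max_bytes: int = 4096) -> dict:
    """Flag a stream whose payloads are mostly not stock pings AND carry more
    data than a ping ever needs. Entropy is reported but not used to decide:
    it separates encrypted or compressed payloads from everything else, but
    plaintext can score lower than the stock filler pattern does."""
    payloads = [parse_echo(p)[4] for p in packets if p[0] == ECHO_REQUEST]
    n = len(payloads)
    total = sum(len(x) for x in payloads)
    stock = sum(looks_like_stock_ping(x) for x in payloads) / n if n else 1.0
    mean = total / n if n else 0.0
    return {
        "packets": n,
        "payload_bytes": total,
        "mean_payload": mean,
        "stock_ping_fraction": stock,
        "entropy_bits_per_byte": entropy_bits(b"".join(payloads)),
        "suspicious": stock < 0.5 and (total > max_bytes or mean > 64),
    }


if __name__ == "__main__":
    secret = b"CONSTRUCTED SAMPLE DATA, NOT A REAL DOCUMENT. " * 200  # about 9 KB
    tunnel = exfil_packets(0x1234, secret)
    assert reassemble(tunnel) == secret
    benign = [build_echo(0x0BAD, s, stock_ping_payload(s)) for s in range(200)]
    print("tunnel :", assess_echo_stream(tunnel))
    print("benign :", assess_echo_stream(benign))
```

The benign stream in the demo moves more total bytes than the tunnel budget allows, but every packet is the expected 56-byte shape, so it is not flagged; the tunnel stream is flagged on size alone. The flip side is the caveat in the comment above: a few hundred bytes spread over otherwise ordinary-looking pings stays under this kind of threshold, which is why small leaks are hard to catch this way and large ones are not.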



