+3 votes
in Security by (242k points)
The ping of death: one of the first network attacks

1 Answer

+4 votes
by (1.6m points)
Best answer

What is the ping of death?
What is the mechanics of a ping of death attack
Measures to protect yourself from the ping of death


The ping of death: one of the first network attacks

The attack Ping of Death (in English, ping of death attack ), one of the oldest Internet attacks, produced the immediate fall of vulnerable systems . Fortunately, it stopped working on most devices around 1998..

The ping of death attack uses the Internet Control Message Protocol (ICMP), although, in principle, it can also use other IP-based protocols. Since modern systems are protected from the ping of death , today's hackers tend to use the related ping flood to carry out their attacks instead.

  1. What is the ping of death?
  2. What is the mechanics of a ping of death attack
  3. Measures to protect yourself from the ping of death

What is the ping of death?

The ping of death is a type of denial of service (DoS) attack. To trigger it, the attacker sends a malicious data packet to the receiver. When the target system tries to process it, an error is generated that hangs the system..

Metaphorically, the ping of death is comparable to a package bomb : when the victim opens it, the mechanism is activated and the target is immediately damaged or destroyed. The so-called ping command, from which this attack gets its name, is generally used to check if a device is available on the network. In technical terms, the ping command is based on the Internet Control Message Protocol (ICMP), which is used to transmit status information on the Internet.

There are different attack models that are included under the generic term of denial of service attacks: the ping of death, like the SYN flood, belongs to the protocol attacks . In addition, there are attacks on the application layer, which include in particular the HTTP flood, and volumetric attacks that saturate the target with a massive flow of data, among which are included the ping flood, closely related to the ping of death , and the UDP flood, made famous by the Low Orbit Ion Cannon tool, the so-called death star of DDoS..

What is the mechanics of a ping of death attack

To carry out this attack, the attacker creates an ICMP packet that exceeds the maximum authorized size . This datagram is divided into smaller chunks so that it can be sent. When you reassemble all the shards on the recipient side, the last one exceeds the allowed size, causing a buffer overflow if the system is unprotected. The result is a system crash or crash, which suffers a denial of service effect .

In a ping of death attack, the attacker blocks the target system with a cleverly crafted data packet.

An Echo ICMP packet is typically 56 bytes in size. In contrast, the packet sent in a ping of death attack is at least 65,535 bytes, more than a thousand times larger and equivalent to the limit per packet set in the underlying Internet Protocol (IP).

In order to create the ping packet of death, the attacker uses the ping command on the command line . The key is a parameter whose value determines the size of the ICMP data field. On Windows systems, the option is called -l (of the English load , ie load ). In other systems, the -s option (from English size , that is, size ) is used.

Ping of death in Windows:

  ping <dirección ip> -l 65500 -w 1 -n 1  

Ping of death on Linux / UNIX / macOS:

  ping <dirección ip> -s 65500 -t 1 -n 1  

Measures to protect yourself from the ping of death

The ping of death is one of the oldest attacks . Since it was discovered in 1997, some features of the server software and operating systems have been changed so that it can always be guaranteed that the maximum size of a datagram is not exceeded when combining IP fragments. Alternatively, using a larger buffer memory can protect against the dreaded overflow. Most modern systems are immune to the ping of death.

In addition, malicious packets are already filtered as they pass through the network , which can be done at the level of routers and firewalls or through the use of content delivery networks or CDNs ( content delivery network ). For each IP fragment, the header is examined, which should include the following formula: fragment length + total length? 65,535 bytes. If an IP fragment does not meet this, the total size allowed is exceeded when assembling the datagram and the packet is then discarded.

In summary

As all modern systems are often protected against ping of death, today this attack poses virtually no danger to users.