Table of Contents
Imagine a machine, like a laptop or a server, that some unscrupulous hackers want to freeze or crash. To do so, these hackers prepare to target it with a ping of death (PoD) attack. The PoD is another name for denial-of-service attacks. The attack basically sends a packet to the targeted machine that’s bigger than the maximum allowable size.
Before a PoD attack, a hacker basically sends a ping to the targeted machine and gets an echo reply. This means that the connection between the source machine and the target machine is intact.
These ping packets are usually very small. IP4 ping packets have the max allowable packet size of 65,535 bytes. To launch a PoD attack, the hacker sends ping packets larger than 110,000 bytes to the target machine.
Since some TCP/IP systems can’t handle such packet sizes, they are broken into segments. These segments are well below the max size limit. What happens next is that the target machine tries to put the pieces back together. In doing so, the total packet size exceeds the limit, resulting in a buffer overflow. This causes the target machine to crash, freeze or reboot.
This sort of attack can be transmitted over TCP, UDP and IPX protocols as well. Basically, anything that sends an IP datagram.
There are a number of security measures that help protect against DDoS attacks. You can either create a memory buffer with enough leeway to handle larger packets that exceed normal limits. Or you can add checks during the packet reassembly process that protects against reconstructed packets of large sizes.
For devices manufactured after 1998, the Ping of Death attack is nothing to worry about. However, some legacy equipment is still susceptible to PoD attacks.
A new Ping of Death attack that affects IPv6 packets was discovered and patched in mid-2013. Additionally, Cloudflare servers can also protect you against DDoS by eliminating malformed packets before they can reach the host.
To prevent a ping flood, here are 4 things that you should always do:
To understand how a ping of death attack occurs, let us take a look at a network utility called “ping.” To check network connectivity, users can send a ‘ping’ command. This command works exactly like a pulse – a signal is sent out, and the machine waits for an echo signal in return. An Internet Control Message Protocol (ICMP) echo-reply message to be precise.
These pings are limited to 65,535 bytes max. Anything exceeding it can crash the target system.
Unscrupulous hackers employ the ping command to trigger a ping of death. To accomplish this, they create a simple loop that sends pings bigger than the 65,535-byte limit to the target machine. The machine crashes while trying to put these larger-than-normal pings together.
The rules of Internet Protocol (IP) only allow for packets that are 65,535 bytes. To circumvent this limit, attackers send fragments of data that exceed this limit once reconstructed on the target system. The oversized packet ends up causing a memory overflow, triggering a crash or reboot on the target machine.
The PoD first appeared in the mid-1990s. By 1998, hardware manufacturers had incorporated security features that made computers and internet devices immune to these types of attacks.
You only need to worry about ping of death attacks if:
Here are some steps you can take:
What is a ping of death attack?
It is a type of denial-of-service attack that happens as hackers overload a target system with larger-than-normal data packets and ICMP ping messages.
Is a ping of death attack worrying today?
Modern hardware manufacturers have made ping of death attacks extinct. Still, ping of death attacks can happen by exploiting software or platform vulnerabilities.
How can my organization protect itself from the ping of death attacks?
Make sure you keep your computer systems and devices updated and patched. Also, avoid legacy equipment. Additionally, you can set up a firewall that blocks ICMP ping messages. And lastly, you can use services that offer distributed-denial-of-service (DDoS) protection features.