Ping of death

Ping of death

The Ping of death is a type of denial-of-service attack in which an attacker sends a malicious ICMP ping packet to a target system. The packet is larger than the maximum allowable size, causing the target system to crash, freeze, or reboot.

Overview[edit | edit source]

The Ping of death works by exploiting vulnerabilities in the way systems handle oversized packets. Normally, a ping packet is 56 bytes in size or 64 bytes when the ICMP header is considered. However, the Ping of death involves sending a packet that exceeds the maximum size of 65,535 bytes allowed by the IP standard. When the target system attempts to reassemble the oversized packet, it can cause buffer overflows and other issues that lead to system instability.

History[edit | edit source]

The Ping of death was first discovered in the mid-1990s and became a widely known method for disrupting systems. Many operating systems, including early versions of Windows, Unix, and Mac OS, were vulnerable to this attack. Over time, patches and updates were released to address these vulnerabilities, making modern systems largely immune to the Ping of death.

Mechanism[edit | edit source]

The attack involves sending a fragmented ICMP packet that, when reassembled, exceeds the maximum allowable size. The steps are as follows: 1. The attacker sends a series of fragmented ICMP packets to the target. 2. Each fragment is within the allowable size limit. 3. When the target system reassembles the fragments, the total size exceeds 65,535 bytes. 4. The oversized packet causes a buffer overflow or other error, leading to system instability.

Mitigation[edit | edit source]

To protect against the Ping of death, system administrators can take several measures:

Ensure that all systems are updated with the latest patches and security updates.
Configure firewalls to block ICMP packets that are unusually large or fragmented.
Use intrusion detection systems to monitor and block suspicious network traffic.