Ping of Death – Definition

Ping of Death. It sounds as dangerous as it is. It can bring down your server and keep it down for a long time using a simple tool like the ping command. With a slight modification to the data packets, your server could have a serious problem.

What is Ping of Death?

Ping of Death, or PoD, is a Denial of Service attack (DoS attack) that uses a vulnerability connected to the ping command and the packet size. The attackers use the ping command to send oversized data packets. The maximum size of an IPv4 packet, including its IP header, is 65 535 bytes, so anything larger, such as 65 536 bytes, will cause problems.

In the past, each time a computer received such a packet, it would crash. This happened on many different OSes, such as Windows, Linux, Unix, and macOS.

Under the Internet Protocol (IP), it is impossible to send a single, complete packet larger than 65 535 bytes.

But, as you know, packets are split into fragments so they can be transferred faster on the network, and each fragment can then be smaller than the maximum. The target will try to interpret the incoming fragments and reassemble them into the original packet. While doing so, it will fail because the reassembled packet exceeds the maximum size, and it will crash. In a successful attack, the target will experience downtime.

What made the Ping of Death so popular is the fact that the only information the attacker needs is the target’s IP address. With it, the attacker can direct the attack and wait until the victim goes down.

Why does Ping of Death exist?

There is a clear reason why such a threat exists – the lack of an intelligent packet reassembly process. It is a general packet reassembly issue. It can easily be used with ping messages, TCP, UDP, and IPX.

How to mitigate a Ping of Death attack?

There are 3 popular ways to mitigate Ping of Death attacks:

  1. You can block ICMP ping messages altogether. This can be done in your firewall settings. It is not a great approach because the block will also stop you from using the ping command to diagnose connectivity. Also, the attackers could use other ports for the attack, and you don’t want to block ports that you use for other services.
  2. Stop the fragmented ping messages. If you have an active defense that stops only the fragmented pings, you can still use the command for your networking needs and stay safe from dangerous attacks.
  3. Add a checker to the packet assembly. That way, it will spot the problem and discard the bad packets.
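One way to write the checker from item 3, as an added example (not code from any real network stack): before a fragment is copied into the reassembly buffer, confirm that its offset plus its length keeps the rebuilt packet within 65 535 bytes. The `struct frag` layout, the function names and the sample fragments are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_TOTAL_LEN 65535u /* largest value of the 16-bit Total Length field */

/* Hypothetical, simplified view of one received IPv4 fragment. */
struct frag {
    uint16_t offset_units; /* 13-bit Fragment Offset field, in 8-byte units */
    uint16_t payload_len;  /* bytes of data carried after the IP header */
    uint8_t  ihl_bytes;    /* IP header length in bytes (20..60) */
};

/* True if the fragment may be copied into the reassembly buffer:
 * header + offset + payload must not exceed 65 535 bytes. */
bool frag_fits(const struct frag *f)
{
    if (f->offset_units > 0x1FFFu || f->ihl_bytes < 20 || f->ihl_bytes > 60)
        return false;
    /* 32-bit arithmetic so the sum itself cannot wrap around */
    uint32_t end = (uint32_t)f->offset_units * 8u + f->payload_len;
    return (uint32_t)f->ihl_bytes + end <= IP_MAX_TOTAL_LEN;
}

/* Index of the first fragment that must be discarded, or -1 if all fit. */
int first_oversized(const struct frag *frags, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!frag_fits(&frags[i]))
            return (int)i;
    return -1;
}

/* Constructed sample: an ordinary 4000-byte payload split into three fragments. */
static const struct frag normal_frags[] = {
    {0, 1480, 20}, {185, 1480, 20}, {370, 1040, 20},
};
/* Constructed sample: each fragment is small, but the second ends past 65 535. */
static const struct frag oversized_frags[] = {
    {0, 1480, 20}, {8189, 1480, 20},
};

int main(void)
{
    printf("normal: %d\n", first_oversized(normal_frags, 3));
    printf("oversized: %d\n", first_oversized(oversized_frags, 2));
    return 0;
}
```

The check runs per fragment, so the bad fragment is discarded before any copy into the buffer takes place, regardless of the order in which fragments arrive.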

Is there any other attack using the ping command?

Yes, there are different DoS and DDoS attacks that use the ping command. One popular type is the Ping flood, in which the attacker sends many ping packets to the target from multiple locations without waiting for an answer. The target tries to answer all of them, and if there are too many requests, it crashes.

Conclusion

Luckily the original Ping of Death is an attack that was already stopped on most modern OSes. Yet, criminals are not waiting with their hands inside their pockets. There is already a version from 2013 that sends IPv6 packets, so we still need to protect ourselves from it.
