Ping of Death (PoD): Protect Yourself Against an ICMP – Ping Flood Attack

June 11, 2016



Ping of Death (PoD)

Ping of Death is a type of DoS attack in which an attacker attempts to crash, disrupt, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. PoD attacks exploit legacy weaknesses, which may have been patched in target systems. However, on unpatched systems, the attack is still relevant and dangerous.

Recently, a new type of PoD attack has become popular. In this attack, commonly known as a Ping flood, the targeted system is hit with ICMP packets sent rapidly via ping without waiting for replies.

The maximum size of a correctly-formed IPv4 packet including the IP header is 65,535 bytes, including a total payload size of 84 bytes. Many historical computer systems simply couldn’t handle larger packets, and would crash if they received one. This bug was easily exploited in early TCP/IP implementations in a wide range of operating systems including Windows, Mac, Unix and Linux, as well as network devices like printers and routers.

Sending a ping packet larger than 65,535 bytes violates the Internet Protocol; attackers would generally send malformed packets in fragments. When the target system attempts to reassemble the fragments and ends up with an oversized packet, memory overflow could occur and lead to various system problems including crashes.

Ping of Death attacks were particularly effective because the attacker’s identity could be easily spoofed. Moreover, a Ping of Death attacker would need no detailed knowledge of the machine he/she was attacking, except for its IP address.

It’s worth noting this vulnerability, though best recognized for its exploitation by PoD attacks, can actually be exploited by anything that sends an IP datagram – ICMP echo, TCP, UDP and IPX.

To avoid Ping of Death attacks and their variants, many sites block ICMP ping messages altogether at their firewalls. However, this approach is not viable in the long term. Invalid packet attacks can be directed at any listening port, like FTP ports, and you may not want to block all of these, for operational reasons.

Moreover, by blocking ping messages, you prevent legitimate ping use. There are still utilities that rely on ping for checking that connections are live, for example. The smarter approach would be to selectively block fragmented pings, allowing actual ping traffic to pass through unhindered.
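One way to express the "selectively block fragmented pings" approach as a check, added here as an example (not code from the original article): it reads an IPv4 header, drops any fragment whose data would end beyond 65,535 bytes after reassembly, and drops fragmented ICMP while letting whole pings pass. The function names, verdict strings and sample headers are assumptions constructed for illustration.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # largest value the 16-bit IPv4 total-length field can hold
PROTO_ICMP, PROTO_UDP = 1, 17


def classify_ipv4(packet: bytes) -> str:
    """Classify one IPv4 packet or fragment from its header alone."""
    if len(packet) < 20:
        return "drop-malformed"
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return "drop-malformed"
    more_fragments = bool(flags_frag & 0x2000)
    offset_bytes = (flags_frag & 0x1FFF) * 8  # offset field counts 8-byte units
    payload_len = total_len - ihl
    # Size the reassembled datagram would need to hold this fragment's data.
    if ihl + offset_bytes + payload_len > MAX_IPV4_DATAGRAM:
        return "drop-oversized"  # applies to any protocol, not only ICMP
    if proto == PROTO_ICMP and (more_fragments or offset_bytes > 0):
        return "drop-fragmented-icmp"
    return "pass"


def sample_header(total_len: int, flags_frag: int, proto: int) -> bytes:
    """Constructed 20-byte header (checksum 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


# Constructed samples: (description, header bytes)
SAMPLES = [
    ("ordinary 84-byte ping", sample_header(84, 0x0000, PROTO_ICMP)),
    ("first fragment of a ping", sample_header(1500, 0x2000, PROTO_ICMP)),
    ("ICMP fragment ending past 65,535", sample_header(1020, 8189, PROTO_ICMP)),
    ("UDP fragment ending past 65,535", sample_header(1020, 8189, PROTO_UDP)),
    ("ordinary UDP fragment", sample_header(1500, 0x2000, PROTO_UDP)),
]

if __name__ == "__main__":
    for label, pkt in SAMPLES:
        print(f"{classify_ipv4(pkt):22} {label}")
```

The oversize check runs before the ICMP check and ignores the protocol field, which matches the article's point that the reassembly bug can be reached by any IP datagram, not only ICMP echo.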

21 Comments
  1. hohohohhooh….good information

  2. so what is the best security for acer chromebookII CB3-111 something with clear common language instructions not up to date on all the tech language have some security extensions installed like zenmate, ultrasurfprivacy & unblock vpn. are there better ones that are free and effective

  3. thanx as i am a newbie i don’t know all about pinging so all info is appreciated as i now am aware of the activity that i have experienced on my acer chromebookIICB3-111. it has crashed a few times more than i like and it has frozen up a lot lately is this connected to ping death or some other malware attack

    • Likely you do not have anyone crashing your laptop using PoD. If you are running Windows it can be taken down any number of ways such as malware, misbehaving drivers/software, heat issues, hardware failing, and so on. If you really want to be in Cybersecurity you should study the A+ and Network+ Cybrary tracks, and really understand Windows and Linux on a deep level. Good luck!
