Ping of death – Definition and examples.

“Ping of death” sounds like the title of a scary movie. And if we follow that idea, yes, it’s a dangerous cyberattack, and victims definitely won’t experience a happy end.

Ping of death definition.

Ping of death is a cyber attack that belongs to one of the most dangerous categories that exist, the denial of service (DoS) attacks. It takes advantage of a specific vulnerability and the ping command use. That’s the origin of its name.

In general terms, to enable a Ping of death attack, criminals use the ping command to send oversized data packets to their target to destabilize or crash it. 

Unfortunately, the technique evolved, giving birth to other variants. For instance, it’s possible to execute the attack by sending not only IPv4 but also IPv6 packets. There’s also a “Ping flood”, in which criminals hit their target, sending a lot of ICMP data packets. They don’t really wait for answers. It’s about flooding the target. 

How does Ping of death work?

The standard established by the Internet Protocol (IP) points every data packet that can be sent (IPv4), including its IP header, must be 65,535 bytes as a maximum. Larger packets go against this standard and can’t be sent. Criminals are perfectly aware of this, so they send malformed data packets divided into pieces.

Since it’s a normal networks’ procedure to divide packets into smaller parts to transfer them faster, and as a way not to exceed the 65,535-byte standard, the targeted system will make an effort to process them, meaning to rebuild them. However, trying to do so, it will repeatedly fail with the oversize and malformed packets, and problems like memory overflow and crashing will appear.

Unfortunately, Ping of death is a popular type of attack because it’s effective and quite easy to enable. Criminals don’t need deep research about their target. The only datum they need is its IP address. That’s it!

Ping of death got popular when the first tries of TCP/IP were made. At that time, computer systems really struggled to handle big data packets. Since this was really exploited, measures were taken, and devices produced after 1998 (their operating systems) were protected. 

For this reason, some people think this attack is no longer a threat. But it’s also a fact that some old computers are still in use, and without patching and security measures, they are at risk. Besides, we already mentioned that the attack is not necessarily working on its original version but on evolved ones. To underestimate it or to neglect protection against it don’t seem like safe choices.

Ping of death examples.

1997, the original Ping of death showed up on the radar. An error in the way operating systems (Unix, Linux, Mac, Windows) handled IPv4 ICMP (Internet Control Message Protocol) data packets made possible the implementation of this attack.

2011, Microsoft had to fix a denial of service present in its TCP/IP stack. It happened when the TCP/IP tried to process a series of forged ICMP messages.

2013, the Ping of death was enabled by sending IPv6 packets on Microsoft Windows systems. The vulnerability was patched in the Windows operating system.

2020, another Ping of death emerged through the same IPv6 protocol. Due to a vulnerability within it, criminals could launch a denial of service attack to hit a target and even execute code remotely. 

Suggested article: How does a Smurf attack work?

Conclusion.

Ping of death is not a new threat, but to ignore it can be dangerous. Prevention is possible, and it’s the smartest decision to protect your business. 

Author: Dominic

Leave a Reply

Your email address will not be published.