Cyber attacks

Ping of Death: Everything you need to know.

The ping command is another good example of how technology can be used for good purposes, but also for evil ones. This useful, basic tool can become a Ping of Death for your online business. As with all cyber threats, the best approach is to be aware of it. Here is everything you need to know about the Ping of Death!

What is Ping of Death?

A Ping of Death (PoD) attack is a denial-of-service (DoS) attack that uses the ping command to send oversized data packets to a specific target, with the clear objective of destabilizing it and shutting it down.

The Ping of Death arose when the first implementations of TCP/IP were being put into practice. Computer systems then had trouble handling big data packets. Criminals saw the vulnerability and took advantage of it. Operating systems of computers manufactured after 1998 included protection against this vulnerability. However, Ping of Death still exists! Despite the efforts to protect systems, the threat has evolved. Its original version has been brought under control, but the newer ones (Ping flood, IPv6) have not yet.

What is the Ping command?

The ping command is a tool for testing whether communication between computers on a network is possible. It sends ICMP (Internet Control Message Protocol) echo requests (messages) to the computer whose reachability is being tested. Then it waits for the answers. The number of answers obtained and the time they take to return are the valuable information the ping command provides. It’s a simple but useful tool!

How does the Ping of Death work?

The IP (Internet Protocol) specifies that data packets, including their IP header, must not exceed 65,535 bytes. IPv4 packets that exceed this limit can’t be sent. Cybercriminals know this perfectly, and that’s why they send oversized and malformed packets.

During a Ping of Death attack, even though the data packets sent are abnormal, they still go through normal network processing. They are cut into smaller pieces to be transported more quickly. The attacked system will try to reassemble and process them within the 65,535-byte standard, but it will fail on every try. This try-and-fail repetition will drain the system, more specifically its resources. It will crash, and the denial of service for legitimate clients will take place.

Criminals only need the victim’s IP address to execute the attack. Once the traffic is directed to that IP address, they just have to wait for the victim to shut down. This attack still exists because there is no intelligent process for reassembling packets. It can be executed using TCP, UDP, or IPX ping messages.

Can I mitigate a Ping of Death attack?

Yes, you can mitigate a Ping of Death attack! Here are some alternatives for you:

  • Enable a checker in the reassembly process. If it detects an issue, it will stop the abnormal packets.
  • Discard fragmented ping messages. Yes, you can block only fragmented pings and keep using the ping command normally without being at risk of an attack.
  • Configure your firewall to stop ICMP ping messages. This firewall option will protect your system, but it will also take away your ability to use the ping command, for instance to verify connectivity.
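
The first two options above come down to a check on each arriving IPv4 header: does this fragment end past 65,535 bytes, and is it a fragmented ICMP message? The Python code below is an added example, not code from the original article; the function names, the verdict strings and the sample headers (built with documentation addresses) are assumptions made for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest IPv4 datagram, header included
ICMP = 1                 # IPv4 protocol number for ICMP


def parse_fragment_fields(header: bytes):
    """Return (ihl_bytes, total_length, more_fragments, offset_bytes, protocol)."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_length, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", header[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl_bytes = (ver_ihl & 0x0F) * 4
    if ihl_bytes < 20 or total_length < ihl_bytes:
        raise ValueError("inconsistent header lengths")
    more_fragments = bool(flags_frag & 0x2000)
    offset_bytes = (flags_frag & 0x1FFF) * 8  # the field counts 8-byte units
    return ihl_bytes, total_length, more_fragments, offset_bytes, proto


def verdict(header: bytes, drop_fragmented_icmp: bool = True) -> str:
    """Decide what to do with one received IPv4 packet, using its header only."""
    try:
        ihl, total, mf, offset, proto = parse_fragment_fields(header)
    except ValueError:
        return "drop-malformed"
    payload = total - ihl
    # Reassembly check: where this fragment would end in the rebuilt datagram.
    if ihl + offset + payload > MAX_IP_DATAGRAM:
        return "drop-oversize"
    if drop_fragmented_icmp and proto == ICMP and (mf or offset > 0):
        return "drop-fragmented-icmp"
    return "accept"


def make_header(total_length, more_fragments, offset_units, proto):
    """Build a constructed 20-byte header for the samples (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 1, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    # Constructed samples: a plain echo request, then a last fragment placed too far out.
    for args in [(84, False, 0, ICMP), (120, False, 8189, ICMP)]:
        print(args, verdict(make_header(*args)))
```

The oversize check applies to every protocol, while the fragmented-ICMP rule can be switched off for networks that need large pings to work.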

Conclusion.

Ping of Death has been on the cyber threat radar for a long time, and it keeps evolving dangerously. In 2020, a new version using the IPv6 protocol appeared. With it, attackers could execute DoS attacks and run code remotely. Don’t ignore the risk! Create a plan and strengthen your security ASAP!