The ping of death (PoD) is a type of denial-of-service (DoS) attack in which an attacker tries to crash, freeze or otherwise destabilize a target machine by sending it a malformed, oversized ping. The ping utility checks whether a network host is reachable by sending it an Internet Control Message Protocol (ICMP) echo request and waiting for the reply.
A ping of death sends an IP datagram larger than the 65,535 bytes that the Internet Protocol (IP) allows. An unpatched system that tries to reassemble such a datagram overruns the buffer it holds the pieces in, and the resulting memory corruption makes the target reboot, freeze or crash outright.
A Brief History of the Ping of Death Attack
In 1996 the ping of death became a popular way for attackers to take down unpatched systems. It worked because many operating systems (OSs) of the time did not check the size of a reassembled IP datagram; when one exceeded the maximum, they rebooted or crashed.
Attackers favoured it because it was easy to launch anonymously (the source address of a ping is trivially forged) and required almost no knowledge of the target. All they needed was its Internet Protocol (IP) address.
By 1997 most OS vendors had shipped patches, and the attack no longer works against a maintained system. Even so, it is still common to see sites block ICMP echo requests at the firewall as a blanket countermeasure against this and related ping-based attacks.
How Does the Ping of Death Attack Work?
The largest valid IPv4 packet is 65,535 bytes, header included, because the header's Total Length field is only 16 bits wide. A normal ping is far smaller, 84 bytes in all: a 20-byte IP header, an 8-byte ICMP header and 56 bytes of data. Older IP stacks never considered what would happen if the fragments of one datagram added up to more than 65,535 bytes, and crashed when it did. Because the flaw lived in the IP stack rather than in any one product, it affected every OS of the period (Windows, Linux, macOS and others) as well as legacy network-connected devices such as routers and printers that ran their own embedded stacks.
A packet larger than 65,535 bytes cannot be expressed as a single IP packet at all, so the attacker sends it as a series of fragments. Each fragment carries an offset telling the receiver where its data belongs in the whole datagram, and the attacker chooses the last fragment's offset and length so that the pieces add up to more than 65,535 bytes. A receiver that does not check this writes the final fragment's data past the end of its fixed-size reassembly buffer. That memory overflow corrupts whatever sits beyond the buffer, typically in the kernel, and the system crashes or hangs.
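The following Python script is an added example and is not code from the original article; it models the mechanism just described so that the numbers can be checked. It builds the IPv4 fragments a sender would emit for an ICMP echo request of a chosen data size (assuming a 1500-byte Ethernet MTU, so 1480 data bytes per fragment), then feeds them to a toy reassembler that can run either unpatched (trusting offset plus length, like a 1996-era stack) or patched (rejecting any fragment that would push the datagram past 65,535 bytes). The addresses, identifiers and the names `fragment_icmp_echo` and `reassemble` are this example's own; nothing is put on the wire.

```python
import struct

IPV4_MAX_LEN = 65535     # the IPv4 Total Length field is 16 bits, so this is the hard ceiling
IHL_BYTES = 20           # IPv4 header without options
FRAG_UNIT = 8            # the Fragment Offset field counts 8-byte units
FRAG_DATA = 1480         # data per fragment on a 1500-byte Ethernet MTU (1500 - 20); a multiple of 8
ICMP = 1                 # IP protocol number of ICMP


def ipv4_header(total_len: int, ident: int, more_frags: bool, offset: int, proto: int = ICMP) -> bytes:
    """Pack a minimal 20-byte IPv4 header. The checksum is left at zero and the addresses are
    documentation-range placeholders (constructed data, never sent)."""
    assert offset % FRAG_UNIT == 0 and offset // FRAG_UNIT <= 0x1FFF
    flags_frag = (0x2000 if more_frags else 0) | (offset // FRAG_UNIT)   # 0x2000 = "more fragments"
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def fragment_icmp_echo(data_len: int, ident: int = 0xBEEF) -> list:
    """Build the IPv4 fragments a sender emits for an ICMP echo request carrying `data_len`
    bytes of data (the value `ping -s` / `ping -l` sets). Each element is one raw fragment:
    a 20-byte IP header followed by its slice of the ICMP message."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"A" * data_len   # type 8 = echo request
    fragments = []
    for offset in range(0, len(icmp), FRAG_DATA):
        chunk = icmp[offset:offset + FRAG_DATA]
        more = offset + len(chunk) < len(icmp)
        fragments.append(ipv4_header(IHL_BYTES + len(chunk), ident, more, offset) + chunk)
    return fragments


def reassemble(fragments: list, patched: bool) -> dict:
    """Toy reassembler for the fragments of one datagram.

    patched=False behaves like a 1996-era stack: it trusts offset + length and copies each
    fragment into a fixed 65,535-byte buffer, so an oversized datagram runs off the end.
    Python will not corrupt memory for us, so the out-of-bounds bytes are counted in
    'overflow' instead of being written.
    patched=True rejects any fragment whose end would push the reassembled datagram past
    IPV4_MAX_LEN, which is the bounds check modern stacks perform.
    """
    buf = bytearray(IPV4_MAX_LEN)
    data_end = 0
    overflow = 0
    for frag in fragments:
        flags_frag = struct.unpack("!H", frag[6:8])[0]
        offset = (flags_frag & 0x1FFF) * FRAG_UNIT        # low 13 bits, in 8-byte units
        data = frag[IHL_BYTES:]
        end = offset + len(data)
        if patched and IHL_BYTES + end > IPV4_MAX_LEN:
            return {"status": "rejected", "length": IHL_BYTES + end, "overflow": 0}
        start, stop = IHL_BYTES + offset, IHL_BYTES + end
        if stop > len(buf):                               # the bug: no check before the copy
            overflow = max(overflow, stop - len(buf))
            data = data[:max(0, len(buf) - start)]        # keep the simulation itself in bounds
            stop = start + len(data)
        buf[start:stop] = data
        data_end = max(data_end, end)
    return {"status": "overflowed" if overflow else "ok",
            "length": IHL_BYTES + data_end, "overflow": overflow}


if __name__ == "__main__":
    # 56 = default ping, 65507 = the largest legal ping, 65510 = the classic ping of death size
    for data_len in (56, 65507, 65510):
        frags = fragment_icmp_echo(data_len)
        print(f"ping -s {data_len}: {len(frags)} fragment(s); "
              f"unpatched={reassemble(frags, patched=False)} patched={reassemble(frags, patched=True)}")
```

The three sizes in the demo mark the boundary: 56 data bytes is the ordinary 84-byte ping, 65507 is the largest data size that still yields a legal 65,535-byte datagram, and 65510 (three bytes more) is what the classic attack sent. The unpatched path reports those three bytes as the overflow; the patched path refuses the last fragment before copying anything.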
How Do You Mitigate Ping of Death Attacks?
Several defences against ping of death attacks have been devised over the years, including:
Blocking ICMP Ping Messages
Most firewalls can drop ICMP echo requests outright. That does stop a ping of death, but it is a blunt instrument and a poor long-term answer: it breaks legitimate use of ping for monitoring and troubleshooting, and it does nothing against malformed-packet attacks aimed at other protocols. Any listening service, such as a File Transfer Protocol (FTP) server, can be sent invalid or fragmented packets too, and those ports cannot simply be closed without breaking the service. Blocking ping therefore trades away a useful capability for protection against a single attack.
Blocking Fragmented Pings
A more targeted option is to drop only fragmented ICMP packets. An ordinary ping fits in a single packet, so legitimate ping traffic passes, while the fragments an oversized ping must be split into are discarded (at the cost of the occasional legitimately large ping, such as one used to probe a path's MTU). Many firewalls and DDoS-mitigation services go further and track fragment offsets so they can discard any datagram, whatever its protocol, whose fragments would reassemble to more than 65,535 bytes. That covers the ping of death and other fragment-based attacks in one rule.
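As an added example (not code from the original article), the filter below implements the "drop fragmented pings only" policy on raw IPv4 headers. It parses the fixed 20-byte header with `struct`, treats a packet as a fragment if either the "more fragments" bit is set or the fragment offset is non-zero, and drops it only when the IP protocol field says ICMP. The sample packets, their addresses and the helper names `parse_ipv4`, `verdict` and `sample` are constructed for this example. The point it demonstrates that the paragraph does not is why the decision must key on the IP protocol field: a second or later fragment carries no ICMP header, so a rule matching on ICMP type (echo request) would never see it.

```python
import struct

ICMP = 1
MF_FLAG = 0x2000       # "more fragments" bit
DF_FLAG = 0x4000       # "don't fragment" bit: not a sign of fragmentation, must be ignored
OFFSET_MASK = 0x1FFF   # 13-bit fragment offset, in 8-byte units


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed part of an IPv4 header into the fields a fragment filter needs."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {
        "version": ver_ihl >> 4,
        "ihl": (ver_ihl & 0x0F) * 4,
        "total_len": total_len,
        "id": ident,
        "proto": proto,
        "more_fragments": bool(flags_frag & MF_FLAG),
        "frag_offset": (flags_frag & OFFSET_MASK) * 8,
    }


def verdict(packet: bytes) -> str:
    """Return 'DROP' for an IPv4 ICMP packet that is any fragment of a larger datagram
    (first fragment: MF set; later fragments: non-zero offset) and 'ACCEPT' for everything
    else. Only the IP protocol field is consulted: a later fragment has no ICMP header."""
    hdr = parse_ipv4(packet)
    if hdr["version"] != 4:
        return "ACCEPT"
    fragmented = hdr["more_fragments"] or hdr["frag_offset"] != 0
    return "DROP" if hdr["proto"] == ICMP and fragmented else "ACCEPT"


def sample(proto: int, flags_frag: int, data_len: int) -> bytes:
    """Constructed test packet: header with zero checksum, placeholder addresses, dummy data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, 0x1234, flags_frag, 64, proto, 0,
                      bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return hdr + b"\x00" * data_len


# Constructed traffic and the verdict the filter should give for each packet.
SAMPLES = {
    "ordinary 84-byte ping":            (sample(ICMP, 0x0000, 64),      "ACCEPT"),
    "first fragment of a huge ping":    (sample(ICMP, MF_FLAG, 1480),   "DROP"),
    "last fragment of a huge ping":     (sample(ICMP, 65120 // 8, 398), "DROP"),
    "fragmented UDP (large DNS reply)": (sample(17, MF_FLAG, 1480),     "ACCEPT"),
    "TCP segment with DF set":          (sample(6, DF_FLAG, 40),        "ACCEPT"),
}


def run_samples() -> dict:
    """Map each sample name to (verdict, matches_expectation)."""
    return {name: (verdict(pkt), verdict(pkt) == expected)
            for name, (pkt, expected) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (got, ok) in run_samples().items():
        print(f"{'ok ' if ok else 'BAD'} {got:6} {name}")
```

The DF sample is the edge case worth keeping in a regression test: masking the flags field carelessly (for example testing for any non-zero value) would classify every ordinary TCP segment with "don't fragment" set as a fragment. On Linux the same policy in iptables is `iptables -A INPUT -p icmp -f -j DROP`, where `-f` matches second and later fragments and, for the reason given above, the rule must not add `--icmp-type`.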
Increasing Memory Buffers
A third suggestion sometimes made is to enlarge the reassembly buffer so that an oversized datagram fits without overflowing. That only raises the bar, since an attacker can send a still larger datagram. The real fix, and what the vendor patches of 1997 delivered, is an IP stack that checks each fragment's offset plus length against the 65,535-byte maximum and discards the datagram when it would be exceeded. Keeping systems patched is the mitigation that matters.
The ping of death may be a relic of the 1990s, but attackers can still use it against unpatched or legacy systems, so organizations that still run such systems should make sure the defences above are in place.