Introduction

An ICMP echo-reply message or “ping” is similar to a sonar pulse used in a network utility used to test a network connection. The “echo” or reply from that pulse will let the ping operation scan the environment for live connections. So, what is ping of death? When a system receives a ping, it sends a reply when working to the source machine.

Here is what the ping of death meaning is. PoD or Ping of Death is a type of DoS- Denial of Service attack in what is ping of death attack where the perpetrator attempts to crash, overwhelm or freeze the targeted server or computer by sending oversized malicious data packets using the ping of death command.

  1. Attack Description
  2. How does a Ping of Death work?
  3. How is a Ping of Death (PoD) DDoS attack mitigated? 

1. Attack Description

Such ping of death PoD attacks happens on both patched and unpatched systems by using legacy weaknesses on the target systems. Of recent ping of death attacks, have popularly used attacks called a Ping flood attack wherein the target server is hit with quick and rapid ICMP packets without waiting for the target to send replies.

The ping of death attack was popular and effective since the identity of the attacker or the IP address can easily be spoofed. Being open-source, simple to download, install and use without any technical knowledge, a Ping of Death attacker running the DoS tool needs no knowledge of the target machine except its IP address. This vulnerability was exploited across devices, servers and systems sending an IP datagram like TCP, ICMP (Internet Control Message Protocol) echo, IPX and UDP.

2. How does a Ping of Death work?

Let us look at a ping of death attack example. In an IPv4 packet, the correctly-formed packet size, including the IP header, is 65,535 B with a payload of 84 B. Older legacy computer systems cannot handle large packets of this size and crash when they receive such a packet. This inherent weakness was exploited in ping of death attacks where the operating systems like computers using Windows, Unix, Mac, Linux, network devices, routers and printers, used early versions of TCP/IP implementation.

Further, sending packet sizes for pinging, which are larger than 65,535 B violates the Internet Protocol. To avoid this ping of death issue, the malicious data from the attacker would be fragmented to send malformed packets with a ping of death attack command. When the targeted system tries to reassemble the fragments, it discovers an over-sized packet, causing a memory overflow, slowing of systems and could also lead to a system crash.

3. How is a Ping of Death (PoD) DDoS attack mitigated? 

So, how to prevent ping of death attack? Let us look at how to stop ping of death attack and its variant versions. One way is to block ping ICMP messages totally at the firewall. However, this is not a long-term approach to prevent ping of death and suffers from some defects.

The invalid and malicious packet attacks can also be sent to any of the listening FTP ports, which cannot be blocked due to operational reasons. Further, blocking ping messages also impacts the legitimate ping use, which many utilities still rely on to check if there are any live connections on the network. 

The best approach is to filter out and block selectively the fragmented pings suspected of abnormal activity while allowing legitimate ping traffic to pass unhindered through the network and firewalls.

Conclusion

Having studied the PoD definition, its attack methodology and legacy mitigation solutions, we find DDoS Protection services like Imperva can preemptively and intelligently scan, filter and remove abnormally large malicious data packets, even when they are fragmented. This method based on behaviour analysis also eliminates all kinds of packet-based attacks.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.

ALSO READ

SHARE