PING OF DEATH

Marsella Arisia
BINA NUSANTARA INTERNATIONAL
marsella.arisia@yahoo.com

ABSTRACT
Ping (Packet Internet Groper) is a utility program used to check network connectivity based on
Transmission Control Protocol (TCP) or Internet Protocol (IP) technology. By using this utility,
we can test whether a computer connected to other computers. This is done by sending a packet
to the IP address to test the connectivity and waits for a response from the packets. If the ping
utility shows positive results then both computers are connected to each other on a network.
Ping is not only used to check whether computers are connected to other computers, it is also
used to attack a computer or even a network. This process leads us to what so called “Ping of
Death”. Ping of Death is an attack that sends Internet Control Message Protocol echo request
packet (Ping) in large size with the purpose of making the input buffer on the destination
network become overloaded and eventually make the network error.
Keywords: Ping, Ping of death

I.
II. INTRODUCTION

IP has maximum number of packets that can packets that has been split, a buffer overflow
be received, when it handle ping packets that may occur, and this which often cause
is larger than 65.536 byte, it may caused system crashes.
damage on the computer. Ping of death is an III. MORE ABOUT PING OF
attack that uses this system, it involves DEATH
sending the wrong overloaded ping and
One of the features of the TCP / IP is
harmful to the target computer. The attack
fragmentation that allows one IP packet to
exploits the way ping program by sending a
be broken up into smaller segments.
large size packet (more than 65.535 bytes) to
Attackers started to use that feature when
the destination system or computer. Some
they discovered that a package is split into
computer or network will hang when it is
fragments that can add up to more than
attacked by this way. In general, sending
65,536 bytes are allowed. Many operating
65.535 bytes of ping packets is illegal
systems do not know what to do when they
according to the network protocol, but such
receive a large package they can be froze,
a package could be sent if the package has
crashed, or rebooted.
been broken, when the target arrange the

Ping of death attacks especially dangerous
because the identity of the attacker that
sends a large packet can easily fake, and
because the attacker does not need to know
anything about the machines or computers
they attack except for its IP address.
IV. CAUSED OF CRASH
It is important to remind us that sending an
illegal packet with more than 65.535 bytes
of data is possible because of the way of
destruction packet can be done. This process
of destructing packets can be called
fragmentation. The fragmentation relies on
an offset value in each fragment to
determine where the individual fragment
goes upon reassembly. As a result on the last
fragment, it is possible to combine a valid
offset with a suitable fragment size like
“offset + size” is larger than 65535 bytes.
Since typical computers or machines don't
process the packet until they have all
fragments and have tried to reassemble it,
there is the possibility for overflow of 16 bit
internal variables, which can lead to system
crashes, reboots or ever freezing.
It can be easy to lose the root of the problem
when referring to ping. The problem is not
only limited to ping but also other things
that send IP datagram. TCP, UDP and IPX
can affect the machine tremendously. A
firewall blocking a ping is a temporally fix.
The sole solution to combat ping issues is to
secure the kernel of the overflow when the
reconstruction IP fragments. But blocking
ping will only secure one part of the
problem; damage can still be carried out
through NFS, Telnet, http, and all other
ports within the system that is exposed.
Operating system vendors have made a
patch available to avoid the ping of death.
However, many Web sites continue to block
Internet Control Message Protocol (ICMP)
ping messages of their firewalls to prevent
variations in the future this kind of denial of
service attack.
V. TO PREVENT PING OF
DEATH
If there is no patch available, and your main
problem afraid of pings from users outside
your network, the best solution is a quick fix
on the firewall blocking the ping. This is not
a long-term solution. If you have any detect
services or listeners on any port at all, they
are prone to problems.
It is possible that sooner or later, someone
will come out with a program that will send
invalid packets to a web server, an FTP port.
The only solution is to patch your operating
system. By blocking the ping, you prevent
people from your side at all. This might
even solve some of the things that depend on
the ping. A better solution than blocking all
pings is to block only the fragmented. This
will allow your normal 64 byte ping through
in almost all systems, while blocking
anything larger than the maximum
transmission unit size of the link.
VI. CONCLUSION
Ping of death is one of the attacks that
frequently use by attackers in the
present time and it’s one of the
hardest type of attack that is
difficult to be anticipated. If an
attackers able to perform this
attack in a system, most likely
the system will crash.
VII. LESSON LEARNED
In order to prevent this type of attacks,
the administrator will need to
install firewall at the router and
limit the port opened so that the
packets cannot be send easily.
VIII. REFERENCES
http://en.wikipedia.org/wiki/Ping_of_de
ath
http://en.wikipedia.org/wiki/Ping
http://www.sans.org/tysonscorner07/des
cription.php?cid=1043
http://www.sans.org/silverspring06/des
cription.php?cid=1043