What is a ping of death attack?
A Ping of Death (PoD) attack is a type of denial-of-service (DoS) attack in which the attacker sends a packet that exceeds the maximum permissible size, causing the victim's computer to crash or freeze. The original PoD attack is becoming less frequent. A similar attack, the ICMP flood, is more common.
How does a ping of death attack work?
An ICMP (Internet Control Message Protocol) echo-reply message, also known as a "ping," is a network tool used to test a network connection. It operates much like sonar: a "pulse" is sent out, and the "echo" from that pulse tells the user about the environment. If the connection is working properly, the source machine gets a response from the target computer.
Although some ping packets are short, IPv4 ping packets can be substantially larger and can exceed the maximum permitted packet size of 65,535 bytes. Many TCP/IP systems were never designed to handle packets above the maximum size, making them vulnerable.
When an attacker sends a maliciously large packet to the victim, it is broken into fragments, each smaller than the size limit. When the target computer tries to reassemble the fragments, the total exceeds the size limit, resulting in a buffer overflow that causes the target computer to reboot, freeze, or crash.
Although ICMP echo is the usual vehicle for this attack, anything that sends an IP datagram can be used, including IPX, TCP, and UDP transmissions.
How is a ping of death DDoS attack mitigated?
To prevent such an attack, we recommend adding checks to the reassembly process to ensure that the packet size limit is not exceeded once the fragments are recombined. Another option is to allocate a memory buffer with enough space to accommodate packets that exceed the limit allowed by the guidelines.
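The reassembly check described above, as an added example that is not taken from any particular TCP/IP stack. The struct layouts, the function name reasm_add and the sample fragments are hypothetical and constructed for illustration; the check uses the IPv4 rule that a fragment's byte offset is its Fragment Offset field multiplied by 8.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u /* largest value of the 16-bit Total Length field */

/* Hypothetical, simplified view of one received IPv4 fragment. */
struct frag {
    uint8_t        ihl;       /* header length in 32-bit words (5..15) */
    uint16_t       total_len; /* Total Length of this fragment, header included */
    uint16_t       frag_off;  /* Fragment Offset field, in 8-byte units (13 bits) */
    const uint8_t *payload;
};

/* Reassembly state: a payload buffer sized for the largest legal datagram. */
struct reasm {
    uint8_t data[IP_MAX_DATAGRAM];
    size_t  high_water;       /* end of the highest payload byte stored so far */
};

/* Returns 0 if the fragment was stored, -1 if it was rejected. */
int reasm_add(struct reasm *r, const struct frag *f)
{
    size_t hdr = (size_t)f->ihl * 4;
    if (f->ihl < 5 || f->ihl > 15 || f->total_len < hdr || f->frag_off > 0x1FFF)
        return -1;                         /* malformed header fields */
    size_t len = f->total_len - hdr;       /* payload bytes in this fragment */
    size_t off = (size_t)f->frag_off * 8;  /* byte offset inside the datagram */
    /* Simplification: each fragment's own header length stands in for the
       first fragment's. Reject BEFORE copying if header + payload of the
       rebuilt datagram would pass 65,535 bytes. */
    if (hdr + off + len > IP_MAX_DATAGRAM)
        return -1;
    memcpy(r->data + off, f->payload, len);
    if (off + len > r->high_water)
        r->high_water = off + len;
    return 0;
}

int main(void)
{
    static struct reasm r;
    static uint8_t buf[1480];                  /* constructed sample payload */
    struct frag first = { 5, 1500, 0, buf };   /* ordinary first fragment */
    struct frag pod = { 5, 1500, 8189, buf };  /* 20 + 65512 + 1480 = 67012 */
    printf("first: %d, oversized: %d\n", reasm_add(&r, &first), reasm_add(&r, &pod));
    return 0;
}
```

Because the bound is tested before the copy, the oversized final fragment is dropped without ever writing past the buffer.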
The original PoD attack is almost extinct; devices manufactured after 1998 are usually immune to this form of attack. Some outdated hardware might still be at risk. A new PoD attack for IPv6 packets was identified recently and patched in mid-2013. Cloudflare DDoS Protection discards faulty packets before they reach their target, thereby mitigating PoD attacks.