The Ping of Death is a DoS (Denial of Service) attack that causes exposed systems to crash or become unstable.

This type of attack originated from a bug found in the TCP/IP implementation of several operating systems in the late 90s. If you sent a packet larger than 65535 bytes to a device, it would crash or become unstable.

These types of attacks became very popular because the attacker's identity could be easily concealed. Although modern devices are patched and nearly immune to these types of attacks, it's still something useful to know.

How it works

The first thing an attacker will do to carry out the assault is create an ICMP packet larger than the 65535 bytes allowed. To do this, the attacker will use the ping command on the command line to create the packet.

Here is how a ping of death looks on Windows and Linux:

Windows Ping of Death

ping <ip address> -l 65500 -w 1 -n 1

Linux Ping of Death

ping <ip address> -s 65500 -W 1 -c 1

How to stop the Ping of Death

To avoid these attacks, many sites block ICMP ping messages on their firewalls. But this isn't a good long-term solution. Blocking ping messages ultimately prevents you from using ping, which can be useful for checking that site connections are live.

Another option you have is to block or allow ping from iptables:

How to block or allow ping from iptables:

iptables is a command-line firewall utility that allows or blocks IP traffic.

To install iptables on a Debian-based Linux system, type the following command in your terminal:

$ sudo apt-get install iptables

Then type the following command to verify that the installation was successful:

$ iptables --version

Blocking Ping

To block ping requests sent to the server, type the following command:

$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

With REJECT, the sender of the ping receives an error message. If you don't want this to happen, use these commands instead, which drop the packets without replying:

$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
$ sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Allowing Ping

This command lists all the rules that have been added to iptables:

$ sudo iptables -L

If any of the rules is blocking ping, you can remove it by typing this:

$ sudo iptables -D INPUT -p icmp --icmp-type echo-request -j REJECT

You can also delete all custom rules that were added to the iptables firewall with this:

$ sudo iptables -F

With all of these commands, you now know how to control the firewall to manage ping.

But there's no reason to worry. Nowadays, packets are examined at the IP level to ensure that their length does not exceed 65535 bytes. If it does, the packet is rejected and filtered out of the network.

Also, adjustments and updates to software and hardware over the years mean that modern devices check that the packet size isn't exceeded when joining IP fragments. This makes modern-day devices basically immune to these types of attack.
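
The size check made when joining IP fragments, sketched in C as an added example that is not from the original article or from any operating system's source. The names reasm, reasm_add and try_last_fragment and the zero-filled sample payload are assumptions made for illustration; a fragment is dropped before any copy if its end, plus the IP header, would pass 65535 bytes.

```c
#include <stdint.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u  /* IPv4 Total Length is a 16-bit field */
#define IP_OFFSET_MASK  0x1FFFu /* low 13 bits of the flags/offset word */

/* Hypothetical per-datagram reassembly state (names are assumptions). */
struct reasm {
    uint8_t  buf[IP_MAX_DATAGRAM]; /* reassembled payload bytes */
    uint32_t high_water;           /* one past the highest byte written */
};

/*
 * Add one fragment. Returns 0 if copied, -1 if it must be dropped.
 *   frag_word: flags + fragment offset field, already in host byte order
 *   hdr_len:   IPv4 header length in bytes (IHL * 4, so 20..60)
 *   data/len:  fragment payload and its length in bytes
 */
int reasm_add(struct reasm *r, uint16_t frag_word, uint8_t hdr_len,
              const uint8_t *data, uint16_t len)
{
    /* The offset counts 8-byte units, so it can reach 8191 * 8 = 65528. */
    uint32_t start = (uint32_t)(frag_word & IP_OFFSET_MASK) * 8u;
    uint32_t end   = start + len; /* 32-bit arithmetic, cannot wrap here */

    if (hdr_len < 20 || hdr_len > 60)
        return -1;
    /* The length check: header plus payload end must stay within 65535. */
    if (end + hdr_len > IP_MAX_DATAGRAM)
        return -1;

    memcpy(r->buf + start, data, len);
    if (end > r->high_water)
        r->high_water = end;
    return 0;
}

/* Constructed sample: a final fragment at the given offset (8-byte units). */
int try_last_fragment(uint16_t offset_units, uint16_t len)
{
    static struct reasm r;
    static uint8_t payload[1480]; /* constructed, all zero bytes */

    if (len > sizeof payload)
        return -1;
    return reasm_add(&r, offset_units, 20, payload, len);
}
```

Doing the arithmetic in 32 bits matters: the same sum in a 16-bit variable would wrap around and pass the comparison.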

So don't worry, you can rest easy knowing that the Ping of Death is a thing of the past and your device is safe (for now).
