What Is the Ping of Death (PoD)? Definition, Damage & Defence
During a ping of death attack, one computer sends an oversized ping data packet to another. The huge data load crashes the recipient's computer. In some cases, that crash allows hackers to take over the computer and execute malicious code.
A "ping" is a command used on Internet Protocol networks. Computers use it to determine if a host is online and available.
We once thought of a ping of death as a legacy technique. As long as we were using updated software, we told ourselves, we'd be safe. But hackers have tweaked and resurrected the method, and new versions emerged in late 2020.
What is a ping of death attack?
Is another computer online? Can you communicate with it? A ping, sent via the Internet Control Message Protocol (ICMP), helps you answer that question.
You send a ping, the other machine responds, and you're connected. A ping of death hijacks this process.
Ping packet sizes were capped at 65,535 bytes per the Internet Protocol released in the 1980s. As designers created their consumer-facing systems, they never imagined getting larger packets. But that’s exactly what a ping of death attack uses.
During a ping of death, an attacker:
- Chooses a victim. All the hacker needs is an IP address. Attackers don’t need detailed knowledge of the age of the machine or its operating system.
- Fragments. Attackers break large payloads into pieces, so they can send them sequentially.
- Releases. All of those pieces head to the victim in a series of pings. When the system attempts to reassemble the information, the result exceeds the byte cap. The system crashes.
The original ping of death attacks happened in the 1990s and early 2000s. Developers reworked code to eliminate risks, and most consumers thought the threat had passed.
Unfortunately, the hack came back in 2013. Consumers were urged to download patches, so their Internet Explorer systems wouldn't be vulnerable and crash. On one day, Microsoft released 19 patches to fix the issue.
In October of 2020, the ping of death returned. Microsoft once again responded with patches to help consumers eliminate the risk and strengthen their security. Reporters also helped spread the word. They warned consumers that hackers could use this version of the ping to take over computers and execute malicious code.
It's important to note that a ping of death doesn't typically target something big, like a server. Instead, this method takes down individual computers and other devices. If you're under attack, you might encounter a blue screen with no functionality. Or it may seem like your device won't even turn on.
Anything connected to the internet, including IoT devices like smart refrigerators, could come under attack via this method.
Prevent a ping flood in 4 steps
A blinking blue screen is terrifying for any computer user. So is a nonfunctional smart device. Anyone operating devices connected to the internet should understand the risks and take steps to prevent catastrophic problems.
Your ping of death mitigation plan could involve:
- Updating software. When developers spot flaws in their code, they release patches. If you don't download the results of their hard work, you leave your machine open to hijacking. Every time a patch is available, you should accept it.
- Filtering traffic. As a system administrator, you could block fragmented pings from reaching any device in the network. Standard pings would flow freely, but anything in pieces wouldn't get through.
- Assessing reassembly. System administrators can also look over the final packet size constraints applied during reassembly. If the system can't cope with oversized data once the pieces are put back together, crashing is inevitable.
- Using a buffer. Enhance your ability to take on large packets with an overflow buffer.
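The size check behind the filtering and reassembly steps above, sketched in Python as an added example (it is not code from this article or from any vendor). It reads only the IPv4 header; the function names are hypothetical and the sample headers are constructed.

```python
import struct

IP_MAX_DATAGRAM = 65535   # largest datagram the 16-bit total-length field can describe
MF_FLAG = 0x2000          # "more fragments" bit
OFFSET_MASK = 0x1FFF      # 13-bit fragment offset, counted in 8-byte units
ICMP = 1                  # IPv4 protocol number for ICMP


def inspect_ipv4(packet: bytes) -> dict:
    """Report where this packet's data would end once fragments are reassembled."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_off, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_off & OFFSET_MASK) * 8
    # Header length plus the last byte this fragment claims in the rebuilt payload.
    size = ihl + offset + (total_len - ihl)
    return {
        "protocol": proto,
        "is_fragment": offset > 0 or bool(flags_off & MF_FLAG),
        "reassembled_size": size,
        "oversized": size > IP_MAX_DATAGRAM,
    }


def verdict(packet: bytes) -> str:
    """Filtering policy: never reassemble past the cap, and refuse pings in pieces."""
    info = inspect_ipv4(packet)
    if info["oversized"]:
        return "drop-oversized"
    if info["is_fragment"] and info["protocol"] == ICMP:
        return "drop-fragmented-icmp"
    return "accept"


def make_header(total_len: int, offset_units: int, more: bool, proto: int = ICMP) -> bytes:
    """Constructed 20-byte header (checksum zero, documentation addresses) for testing."""
    flags_off = (MF_FLAG if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    print(verdict(make_header(84, 0, False)))       # ordinary ping
    print(verdict(make_header(1500, 0, True)))      # first piece of a fragmented ping
    print(verdict(make_header(120, 8189, False)))   # data would end past 65,535 bytes
```

The check trusts the header's own length fields, so a production filter would also compare them with the number of bytes actually captured.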
If you manage a large system with many connected devices, encourage your team to reach out right away when they encounter a blue screen. A ping of death attack gives a hacker entry into your system, so you'll need to stop it as quickly as you can.
Reduce your risk with Okta
Hackers are clever, and they're always looking for new ways to break past your barriers and do real harm.
At Okta, we offer robust security tools that can keep your entire community safe. And we're always here to answer questions and help you tackle problems.