Hello everyone,
Today, I'm going to introduce you to the Ping of Death attack.
What is a Ping of Death attack?
The Ping of Death attack is a type of DoS attack.
In a Ping of Death attack, an attacker sends oversized ICMP packets (the length of the data part exceeds 65507 bytes) to the target device. If the device handles such a packet improperly after receiving it, the protocol stack crashes.
How does a Ping of Death attack work?
This section describes the formats of IP packets and ICMP packets to help you better understand the principle of the Ping of Death attack.

Figure 1: IP packet format

Figure 2: ICMP packet format
4-bit header length: indicates the length of the IP header. The maximum length of the IP header is 60 bytes. The length of the header of a common IP packet is 20 bytes.
16-bit total packet length: indicates the length of an IP packet. The maximum length of a single IP packet cannot exceed 65535 bytes.
The maximum length of an IP packet is 65535 bytes. If 20 bytes in the IP header and 8 bytes in the ICMP header are excluded, the maximum length of the data part is 65,507 bytes. An ICMP packet with a large size is an ICMP packet with a data part longer than 65,507 bytes.
Because IP cannot transmit a single packet larger than 65535 bytes, the attacker fragments the packet and sends the fragments. After receiving them, the device attempts to reassemble the packet. The reassembled packet is too large to be processed and the buffer overflows, causing the system to crash or restart.
How to prevent it
For Ping of Death attacks, network security devices cannot defend against the oversized packets themselves, because most packets on the live network are fragmented: no single packet exceeds 65,507 bytes, and the size exceeds 65,507 bytes only after the receiver reassembles the fragments. Therefore, the most effective defense against Ping of Death attacks is to prohibit ICMP packets from passing through the network security device.
That is all I want to share with you! Thank you!
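As an added example that is not part of the original post: the bounds check a reassembly path needs in order to handle these fragments properly. Each fragment's IP header carries a fragment offset, so the receiver can compute where the fragment's data would end in the reassembled packet and drop it if that passes 65535 bytes. The function names and the sample headers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_TOTAL 65535u /* limit of the 16-bit total length field */

/* Verdicts for one IPv4 fragment (names are this example's own). */
enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = 1, FRAG_OVERSIZE = 2 };

/* Decide whether the packet this fragment belongs to can still fit in
 * 65535 bytes once reassembled. pkt points at the IP header. */
enum frag_verdict check_fragment(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;

    uint32_t ihl   = (uint32_t)(pkt[0] & 0x0F) * 4;     /* header length in bytes */
    uint32_t total = ((uint32_t)pkt[2] << 8) | pkt[3];  /* 16-bit total length */
    /* 13-bit fragment offset, counted in 8-byte units */
    uint32_t off   = ((((uint32_t)pkt[6] & 0x1F) << 8) | pkt[7]) * 8;

    if (ihl < 20 || total < ihl || total > len)
        return FRAG_MALFORMED;

    /* Where this fragment's data ends inside the reassembled packet. */
    uint32_t end = off + (total - ihl);
    if (ihl + end > IP_MAX_TOTAL)
        return FRAG_OVERSIZE; /* drop before copying into the buffer */
    return FRAG_OK;
}

/* Demo helper: build a constructed ICMP-in-IPv4 fragment and check it. */
enum frag_verdict check_constructed(uint16_t total, uint16_t off_units)
{
    static uint8_t buf[1500];
    memset(buf, 0, sizeof buf);
    buf[0] = 0x45;                        /* IPv4, 20-byte header */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xFF);
    buf[6] = (uint8_t)((off_units >> 8) & 0x1F);
    buf[7] = (uint8_t)(off_units & 0xFF);
    buf[9] = 1;                           /* protocol 1 = ICMP */
    return check_fragment(buf, sizeof buf);
}

int main(void)
{
    printf("offset 1480, 1480 data bytes: %d\n", check_constructed(1500, 185));
    printf("offset 65512, 100 data bytes: %d\n", check_constructed(120, 8189));
    return 0;
}
```

The check runs per fragment, so the oversized packet is rejected when the offending fragment arrives rather than after the whole packet has been copied into the reassembly buffer.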


