
Ping of death

A ping of death is a type of cyberattack on a computer system that involves sending a malformed or otherwise malicious ICMP echo request, a message normally associated with the ping utility, to a computer. In this attack, a host sends hundreds of ICMP echo requests with a packet size that is large or illegal to try to take the receiving host offline or to keep it preoccupied responding with replies.

Detailed information
The maximum packet length of an IPv4 packet including the IP header is 65,535 (2^16 − 1) bytes, a limitation presented by the use of a 16-bit wide IP header field that describes the total packet length.

The underlying data link layer almost always poses limits to the maximum frame size (see MTU). In Ethernet, this is typically 1500 bytes. In such a case, a large IP packet is split across multiple IP packets (also known as IP fragments), so that each IP fragment will match the imposed limit. The receiver of the IP fragments will reassemble them into the complete IP packet and continue processing it as usual.

When fragmentation is performed, each IP fragment needs to carry information about which part of the original IP packet it contains. This information is kept in the Fragment Offset field in the IP header. The field is 13 bits long and contains the offset of the data in the current IP fragment within the original IP packet. The offset is given in units of 8 bytes. This allows a maximum offset of 65,528. Then, when adding 20 bytes of IP header, the maximum will be 65,548 bytes, which exceeds the maximum packet length. This means that an IP fragment with the maximum offset should have data no larger than 7 bytes, or else it would exceed the limit of the maximum packet length.

A malicious user can send an IP fragment with the maximum offset and with much more data than 8 bytes (as large as the physical layer allows it to be). When the receiver assembles all IP fragments, it will end up with an IP packet which is larger than 65,535 bytes. This may overflow memory buffers that the receiver allocated for the packet, and can cause various problems.

As is evident from the description above, the problem has nothing to do with ICMP, which is used only as payload, big enough to exploit the problem. It is a problem in the reassembly process of IP fragments, which may contain any type of protocol (TCP, UDP, IGMP, etc.).
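The fragment arithmetic above, written as a per-fragment bounds check that a reassembler or filtering device can apply before a fragment is queued. This is an added example, not code from the original page or from any particular IP stack; `check_fragment`, `make_header` and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MAX_PACKET 65535u  /* largest value of the 16-bit Total Length */

enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERSIZE };

/* Check one received IPv4 header before its fragment is queued for
 * reassembly. hdr points at the IP header, len is the bytes available. */
enum frag_verdict check_fragment(const uint8_t *hdr, size_t len)
{
    if (len < 20 || (hdr[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t ihl       = (uint32_t)(hdr[0] & 0x0F) * 4;        /* header bytes */
    uint32_t total_len = ((uint32_t)hdr[2] << 8) | hdr[3];
    /* Low 13 bits of bytes 6-7, counted in 8-byte units. */
    uint32_t offset    = ((((uint32_t)hdr[6] << 8) | hdr[7]) & 0x1FFF) * 8;
    if (ihl < 20 || ihl > len || total_len < ihl)
        return FRAG_MALFORMED;
    /* offset + total_len is the size the reassembled packet would reach
     * once this fragment is placed; 32-bit math so the sum cannot wrap. */
    if (offset + total_len > IPV4_MAX_PACKET)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Build a constructed 20-byte header for the demo (hypothetical helper;
 * the checksum is left at zero because the check does not read it). */
void make_header(uint8_t h[20], uint16_t total_len, uint16_t off_units, int mf)
{
    for (int i = 0; i < 20; i++) h[i] = 0;
    h[0] = 0x45;                                   /* version 4, IHL 5 */
    h[2] = (uint8_t)(total_len >> 8); h[3] = (uint8_t)total_len;
    uint16_t f = (uint16_t)((off_units & 0x1FFF) | (mf ? 0x2000 : 0));
    h[6] = (uint8_t)(f >> 8); h[7] = (uint8_t)f;
    h[8] = 64; h[9] = 1;                           /* TTL, protocol = ICMP */
}

int main(void)
{
    uint8_t h[20];
    make_header(h, 1500, 0, 1);      /* ordinary first fragment */
    printf("first fragment: %d\n", check_fragment(h, sizeof h));
    make_header(h, 1500, 8191, 0);   /* maximum offset, full-size payload */
    printf("max-offset fragment: %d\n", check_fragment(h, sizeof h));
    return 0;
}
```

The check is independent of the protocol field, which matches the point that the flaw lies in IP reassembly and not in ICMP.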
The correction of the problem is to add checks in the reassembly process. The check for each incoming IP fragment makes sure that the sum of the "Fragment Offset" and "Total length" fields in the IP header of each IP fragment is smaller than or equal to 65,535. If the sum is greater, then the packet is invalid, and the IP fragment is ignored. This check is performed by some firewalls, to protect hosts that do not have the bug fixed. Another fix for the problem is using a memory buffer larger than 65,535 bytes for the reassembly of the packet. (This is essentially a breaking of the specification, since it adds support for packets larger than those allowed.)

Ping of death in IPv6
In 2013, an IPv6 version of the ping of death vulnerability was discovered in Microsoft Windows. The Windows TCP/IP stack did not handle memory allocation correctly when processing incoming malformed ICMPv6 packets, which could cause remote denial of service. This vulnerability was fixed in MS13-065 in August 2013. The CVE-ID for this vulnerability is . In 2020, another bug () in ICMPv6 was found around Router Advertisement, which could even lead to remote code execution.

==See also==
• INVITE of Death
• LAND
• Ping flood
• ReDoS
• Smurf attack