Ping o' death

Jim Whitehead (ejw@ics.uci.edu)
Mon, 18 Nov 1996 12:03:22 -0800


FYI.

From: http://www.tbtf.com/archive/current-issue.html

Note: Sparc Solaris and SunOS are safe, but x86 Solaris and Mac are
vulnerable to this attack. The Web site mentioned is very
comprehensive, and has a complete list of affected computers, routers,
xterms, etc.

Death ping

Any machine running Windows 95 or Windows NT, or any machine at
all that runs a small piece of publicly available code, can cause
targeted devices anywhere on its connected net -- including the Internet
-- to hang or crash. The mechanism is a ubiquitous, and usually
innocuous, network service called "ping": it takes its name from what
submariners do to probe their surroundings. A system that receives a
ping over the network sends a response that means, "Yes, I'm alive." The
normal size of a ping data packet is 50 to 60 bytes. Many systems don't
respond well to receiving an extremely large ping packet, say 64K bytes.
Vulnerable systems include Unix, Macintosh, and Windows computers as
well as various printers, routers, bridges, and X terminals. Read full
details on the Ping o' Death page [9], maintained by Mike Bremford
<Mike.Bremford@bl.uk>. No ironclad defense exists. Firewalls can be
programmed to block ping packets to protect systems inside their
perimeters, but doing so would cause some software that relies on ping
to fail. A promising variant on this approach is to block only
"fragmented" ping requests -- ones that have been broken up to travel
over a network, as the dangerous 64K pings would be. I'm afraid the only
real solution will come as manufacturers one by one implement fixes in
their operating-system and network software, and the owners of
vulnerable connected machines install upgrades -- a process that is
bound to stretch out over months and years. Nick Brown
<Nick.Brown@dct.coe.fr> brought this problem to the attention of Risks
readers.

[9] <http://www.sophist.demon.co.uk/ping/>
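
Added example, not part of the original message or the TBTF item: a sketch of the filtering idea mentioned above, dropping only fragmented ICMP while letting ordinary pings through. It goes one step beyond the text by also rejecting any fragment whose data would end past the 65535-byte IPv4 maximum. The function names, decision strings and sample packets are constructed for illustration.

```python
import struct

ICMP = 1
MAX_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field allows

def build_ipv4(proto, payload_len, frag_units=0, more_fragments=False):
    """Constructed sample input: minimal IPv4 header plus a zeroed payload."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1,
                         flags_frag, 64, proto, 0,   # checksum left 0, not verified here
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)

def classify(packet):
    """Return the filter decision for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop-malformed"
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    total_len, flags_frag = struct.unpack("!H2xH", packet[2:8])
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop-malformed"
    offset = (flags_frag & 0x1FFF) * 8           # field counts 8-byte units
    more = bool(flags_frag & 0x2000)             # MF (more fragments) flag
    fragmented = more or offset > 0
    # A fragment whose data would end past the maximum datagram size can
    # never belong to a legal packet, whatever the protocol.
    if fragmented and ihl + offset + (total_len - ihl) > MAX_DATAGRAM:
        return "drop-oversize"
    if fragmented and packet[9] == ICMP:
        return "drop-fragmented-icmp"
    return "pass"
```

Only the first fragment carries the ICMP header, so a per-packet filter like this cannot tell echo requests from other ICMP types in later fragments and drops all fragmented ICMP.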