The Ping of Death (PoD) Attack: What Is It and How Does It Work?

[Image: a cybercriminal using a laptop against a binary background. Caption: You’re at risk of cyberattacks.]

A Ping of Death (PoD) attack is a type of DoS (Denial of Service) attack in which attackers attempt to destabilize, freeze, or crash a targeted device. This kind of attack normally targets devices you use daily, like laptops and servers. PoD attacks first emerged in the mid-1990s and gave attackers a way to exploit legacy weaknesses present in unpatched devices. The original PoD attack isn’t as common as it used to be. Nowadays, we’re seeing a newer variant of the PoD attack, known as the ICMP flood attack.

Even though regular PoD attacks are highly unlikely to hit you today, ICMP flood attacks are a real danger. Read on to know more about Ping of Death attacks, how they work, and how you can protect yourself.

What Is a Ping of Death (PoD) Attack?

In PoD attacks, cybercriminals send packets larger than an internet connection’s maximum packet size. That essentially causes the device to slow down.

These attacks happen on patched and unpatched systems by exploiting legacy weaknesses on the target systems. Attackers don’t even need any detailed knowledge of your machine or operating system. All they need is your IP address, which they can easily spoof.

Now that you know what a PoD attack is, let’s dive deeper to see how it works.

How Does a PoD Attack Work?

When cybercriminals attack a machine, they send out pings and wait for an ICMP echo reply. That said, the connection between the attack’s source and the target remains intact, which means some data may already be exchanged before this process begins.

Cybercriminals overload your connection with packets to launch DoS attacks. To put things in context, the maximum packet size for IPv4 is 65,535 bytes, including a total payload of 84 bytes. While launching a PoD attack, cybercriminals send ping packets bigger than 110K to the target machine.

A packet this large can’t travel whole, so it is broken up into IP fragments on the way to the target. The target machine then tries to reassemble the fragments. Unfortunately, while the pieces are being put back together, the reassembled packet exceeds the maximum packet size. That results in a buffer overflow, which causes the machine to freeze or crash.

Cybercriminals can also send this type of attack over the User Datagram Protocol (UDP), Internetwork Packet Exchange (IPX), and Transmission Control Protocol (TCP). They can use anything that sends an Internet Protocol datagram. Does this mean PoD attacks still work?


Does the Ping of Death Still Work?

PoD initially surfaced in the mid-1990s. We’ve protected many devices against PoD attacks since then. Many sites also block ICMP ping messages to prevent these attacks and to keep newer variations of this DoS attack under control.

Still, any company’s defenses can weaken if malicious content reaches any computer, server, or network. It also risks attacks if it runs any of the following unpatched:

  • Legacy devices
  • Windows XP and Windows Server 2013 copies on systems already vulnerable to a weakness in OpenType fonts
  • Kernel driver in TCPIP.sys

Recent PoD Attacks

The return of Ping of Death attacks was a big problem for IPv6 networks in 2013. The resurfaced exploit targets an OpenType font weakness found in Windows XP and Server 2008 R2. Many computers are likely susceptible due to their lack of protection against such attacks.

Computers also received massive ping requests from outside sources. These ping requests exceeded the size these operating systems could handle. Devices needed updated software or, if no other option existed, admins simply had to turn off the “enabled” functionality.

It’s true that modern operating systems have been combating this type of threat since the late 1990s with software updates. Old vulnerabilities still slip through sometimes, though, even if that is rare.

Since that’s the case, let’s learn how to mitigate DDoS and PoD attacks. We’ll start with DDoS.

Methods for Mitigating DDoS Attacks

DDoS attacks are becoming more common. In this case, you can protect your device by giving the memory buffer enough leeway to handle larger packets. One way to do this is to allow for packets beyond the normal limits, or to add size checks during the packet reassembly process. Such checks also protect against an oversized packet being reconstructed from many smaller fragments.

Another way is to block ICMP ping requests altogether at your firewall. In effect, you don’t want cybercriminals who are trying to kill program execution through a PoD flood to reach their target.

Let’s discuss the ways you can protect your device from a ping flood.

[Image: a close-up of a man’s hand using a laptop, with a virtual screen and a lock icon connected to devices. Caption: Protect your data from Ping of Death attacks.]

How to Protect Your Device from a Ping Flood

Avoid a ping flood on your device with these four methods:

1. Update Your Software

Developers continue to fix vulnerabilities in their products after discovering them. They frequently release patches whenever they spot defects in their code. In this case, you want to ensure you update your applications immediately. If you don’t pay attention to their updates, you’ll put your machine at risk. The rule is simple: every time a patch is available, apply it.

2. Filter Traffic 

Your system administrator can block fragmented pings from reaching any machine in the network. Standard pings can still flow openly, but anything arriving in fragments won’t get past. In this way, you prevent your device from crashing due to fragment overload.

3. Assess After Reassembling 

At this point, you want to check the total packet size against the limit as the packet is being reassembled. Restricting individual fragments isn’t enough: a crash can still happen if you let the reassembled data grow past the limit after the fragments have been accepted.

4. Buffer Usage 

Improve your ability to face large packets with an overflow buffer. This helps you deal with packets that exceed the allowable size.
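The reassembly-time size check described in the "How Does a PoD Attack Work?" section and in steps 3 and 4 above, as an added example that is not part of the original article. The reassembler, the `feed`/`make_fragment` helpers and the sample fragments are all constructed here; the only real constants are the IPv4 header layout and its 65,535-byte maximum.

```python
import struct
MAX_IP_DATAGRAM = 65535  # the IPv4 total-length field is 16 bits, so no datagram may be larger

def parse_ipv4(pkt: bytes):
    """Return (ident, more_fragments, offset_in_bytes, payload) from a raw IPv4 packet."""
    ver_ihl, _tos, total_len, ident, flags_off = struct.unpack("!BBHHH", pkt[:8])
    ihl = (ver_ihl & 0x0F) * 4
    more = bool(flags_off & 0x2000)      # MF (more fragments) flag
    offset = (flags_off & 0x1FFF) * 8    # fragment offset is stored in 8-byte units
    return ident, more, offset, pkt[ihl:total_len]

class Reassembler:
    """Minimal fragment reassembler (hypothetical); overlaps and timeouts are out of scope."""
    def __init__(self):
        self.flows = {}  # ident -> [buffer, bytes received, expected total or None]

    def feed(self, pkt: bytes):
        ident, more, offset, payload = parse_ipv4(pkt)
        end = offset + len(payload)
        # The check the article calls for: a fragment whose end would land beyond the
        # 65,535-byte IPv4 maximum is rejected before anything is copied into the buffer.
        if end > MAX_IP_DATAGRAM:
            return ("dropped_oversized", end)
        buf, received, total = self.flows.setdefault(ident, [bytearray(), 0, None])
        if len(buf) < end:
            buf.extend(bytes(end - len(buf)))  # can never grow past MAX_IP_DATAGRAM
        buf[offset:end] = payload
        received += len(payload)
        if not more:
            total = end  # the last fragment fixes the datagram's true length
        self.flows[ident] = [buf, received, total]
        if total is not None and received >= total:
            del self.flows[ident]
            return ("complete", total)
        return ("pending", received)

def make_fragment(ident: int, offset: int, payload: bytes, more: bool) -> bytes:
    """Constructed IPv4/ICMP fragment for testing (checksum left zero, addresses blank)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, 1, 0, bytes(4), bytes(4)) + payload

def demo():
    r = Reassembler()
    # A normal 1,500-byte ICMP echo split into two fragments reassembles cleanly.
    normal = [r.feed(make_fragment(1, 0, b"\x08\x00" + bytes(1478), True)),
              r.feed(make_fragment(1, 1480, bytes(20), False))]
    # The classic Ping of Death shape: a last fragment at the highest possible offset
    # (65,528) carrying enough payload to push the total past 65,535 bytes. It is dropped.
    pod = r.feed(make_fragment(2, 65528, bytes(16), False))
    return normal, pod
```

Because the check runs on `offset + len(payload)` before the buffer is touched, the buffer is bounded by the protocol maximum no matter how the fragments arrive.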

Now, your device should be safe from PoD attacks, but you can still reduce their likelihood. This way, you’ll better ensure your safety.

How to Reduce PoD Attacks

ICMP pings have been used for years to test connection stability and security. While it’s possible, blocking all ICMP traffic everywhere isn’t practical or beneficial. Attacks could also come through other ports, like FTP, which are listening by design (and might need to stay accessible).

Blocking ping messages alone can also prevent legitimate uses. For example, pings let you check whether networked devices are talking over their links, or verify reachability across an entire geographical area. Here are the most helpful ways to reduce these attacks:

Fortinet

Your company can protect its infrastructure against DDoS attacks with FortiDDoS. This solution is dynamic and multi-layered, offering protection from known threats and zero-day hazards. FortiDDoS is also easy to deploy! The solution includes the following:

  1. Tutorial on how ping of death works with intrusion detection systems (IDS)
  2. Comprehensive analysis reporting options for those who need it most
  3. Behavior-based techniques that remove the signature file requirement altogether

Okta

Cybercriminals always look for new ways to break past your security and harm you. Okta offers powerful security tools that keep your company safe. The Okta team is also always available to help you deal with problems and answer your questions.

Final Words

A Ping of Death attack is just another type of DoS attack that targets your devices and disrupts them. While the earliest forms of PoD attacks aren’t threatening anymore, cybercriminals are evolving, using ICMP flood attacks. Unfortunately, you may also be at risk for these attacks. That said, you can still avoid PoD and safeguard your devices, as long as you take the necessary precautions and follow the instructions I provided in this article.


FAQ

What is a Ping of Death attack?

Ping of Death (PoD) is a form of DDoS attack in which attackers attempt to destabilize, freeze, or crash a targeted device. Your IP address is all they need to target you. In this attack, cybercriminals overload your connection with packets that exceed the maximum allowed size. 

What is a DDoS attack? 

Distributed Denial of Service (DDoS) attacks are malicious attempts that happen when cybercriminals overload your connection with fake requests. They usually use multiple connected devices, known as botnets, to achieve that. Your network can only process a limited number of requests at once, so DDoS attacks overwhelm it with requests. That way, regular traffic won’t be able to access your network anymore.

How does the Ping of Death attack work?

While launching a PoD attack, cybercriminals overload their target device with ping packets that exceed the maximum size. The maximum allowed packet size of IPv4 is 65,535 bytes, including a total payload of 84 bytes. When the packets exceed this size, the targeted devices’ system is unable to reassemble the information, and the system crashes. 

Can I protect my device against PoD attacks?

Yes, you can, through several methods. Ensure you always update your applications to get the latest patches. You should also block all fragmented pings from reaching your network, and check the size of packets after reassembly to avoid crashing. Finally, use an overflow buffer to ensure you can receive large packets.

Resources

TechGenix: Hardening Your Technology Infrastructure

Read through this article to discover how to withstand a DDoS attack.

TechGenix: DoS and DDoS Attacks

Click here to learn about the difference between DoS and DDoS attacks.

TechGenix: IP Address Security Guide

To know how secure your IP address is, read this article.

TechGenix: Data Protection and Security Tips

Learn the best practices to secure your data in this article.

TechGenix: Packet Filters Guide

Discover how to create a packet filter for dropping ICMP packets in this article.
