Ping of Death
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Ping of Death

  1. #1
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    Ping of Death

    During the last month, I have been the recepiant of several of several attacks to my IP addy. None have been succeded by the way.

    They have been 'The Ping of Death'

    From my D-Link DI-514 logs:
    Oct/21/2004 18:10:04 Ping of Death Detect 192.168.1.19:1607 4.29.212.228:445 Packet Dropped
    I am on Verison DSL and this latest attack came when no one was even on the internet. The only connection was the gateway and the router. All three boxes were off at the time (although that is irrellevant as they don't get past the router anyway.)

    For those of you who haven't heard of 'The Ping of Death', here is some explanations:
    http://www.insecure.org/sploits/ping-o-death.html
    Description: gazillions of machines can be crashed by sending IP packets that exceed the maximum legal length (65535 octets)
    Author: The page included was created by Malachi Kenney. The programs have attribution.
    Compromise: Stupid DOS
    Vulnerable Systems: I have heard that NT and 95 can actually lock up hard from the programs below. Also, early 2.0.x Linux, Solaris x86, and Macintosh systems are often vulnerable.
    Date: 21 October 1996 was when this page came up.
    Notes: The Ping O' Death page is included first, then comes BSD source code, then comes a version of the above which is modified to compile on Linux 2.X. I also appended jolt.c, which IP spoofs to. Woop!
    Also from the same source:
    In a nutshell, it is possible to crash, reboot or otherwise kill a large number of systems by sending a ping of a certain size from a
    remote machine. This is a serious problem, mainly because this can be reproduced very easily, and from a remote machine. (During tests, my
    machine in London, England has been crashed from a machine in Berkeley, California), and because the attacker needs to know nothing about
    the machine other than its IP address. Be afraid. Since I started this page on the 21st October, over 18 major operating systems have
    been found vulnerable.

    It's very easy to exploit - basically, some systems don't like being pinged with a packet greater than 65536 bytes (as opposed to the
    default 64 bytes). This bug is not limited to Unix, but is popping up on Macs, Netware, Printers, Routers... the list goes on. Patches are
    coming out extremely fast - the award did go to the Linux community for getting a patch out within three hours (well, 2 hours 35 minutes 10
    seconds if you must know), but Bill Webb from Telebit assures me that the Netblazer patch was out within two! OK, OK, you can share the
    prize money... :-)

    An IP datagram of 65536 bytes is illegal, but possible to create owing to the way the packet is fragmented (broken into chunks for
    transmission). When the fragments are reassembled at the other end into a complete packet, it overflows the buffer on some systems, causing
    (variously) a reboot, panic, hang, and sometimes even having no effect at all...

    Most implementations of ping won't allow an invalid datagram like this to be sent. Among the exceptions are Windows '95 and NT, although
    they are certainly not the only ones...
    The artical goes on to explain why just blocking this at the firewall is not the best solution, and what systems are succeptable to this form of attack.

    Well worth the read.

    (excuse any spelling mistakes......I still can not get the spelling checker to work)
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  2. #2
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    I thought the so called "Ping Of Death" isn't of any good now and the only systems vulnerable
    to this are the ones that time warped from the early 90's !!. Any high profile vulnerability is
    sure to be completely fixed after sometime (Wel...almost !).

    If i'm wrong, please do correct me folks.


    PaCketthirst

  3. #3
    Banned
    Join Date
    Mar 2002
    Posts
    30
    I would have to jump to the conclusion that some skiddieot found a ping of death program and decided to try it out.

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    P.O.D.

    Now thatís one I havenít heard in eons. But, obviously some skidettee was able to slip them through DSL as we see with Moxís Logs. I distinctly remember some scrimmages that transpired between a few folks years ago. Scripts were written to try to respond in retaliation if we received the "Ping of Death". They seldom worked because the ole P60 with win95 would immediately dive into a stupor if one were received. The poor ISPs became rabid because of the complaints and they became targets as well. So they started blocking them at their level and dumping the accounts of the offenders.

    Since I'm on DSL, better check my logs
    Connection refused, try again later.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Was there actually a point to this post beyond telling people you got hit with it?
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  6. #6
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Originally posted here by chsh
    Was there actually a point to this post beyond telling people you got hit with it?
    Actually yes.......to get you off your lazy ass, and maybe get some discussions going, but I guess you are just feeling to high and mighty to participate in such, eh chsh.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by moxnix
    Actually yes.......to get you off your lazy ass, and maybe get some discussions going, but I guess you are just feeling to high and mighty to participate in such, eh chsh.
    Yep, I am too high and mighty to participate, which is precisely why I asked what the purpose of your post was.

    At any rate, why discuss something that belongs in the history books in terms of affected OSes? This is on par with discussing code red hits. It's Internet background noise -- get used to it, or get off the Internet.

    Oh, and by the way, this belongs in Network Security Discussions.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #8
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Originally posted here by chsh
    Yep, I am too high and mighty to participate, which is precisely why I asked what the purpose of your post was.
    Yes I understand completely.
    Originally posted here by chsh At any rate, why discuss something that belongs in the history books in terms of affected OSes? This is on par with discussing code red hits. It's Internet background noise -- get used to it, or get off the Internet.
    Stange, I know of ten members just off the top of my head that run some of those ancient OS's that are only found in the history books. Not everybody can afford (or wants to ) to run bleeding edge technology. Perhaps even if it is not of interest to you, it might be for them. But you have that covered in the first part.
    Originally posted here by chsh Oh, and by the way, this belongs in Network Security Discussions.
    You must not have read the artical referenced. It also effects some hardware and firmwear, but true it actually could go into several different forums, I just picked the one that seemed to cover the whole concept. Your opinion has been noted, for what ever that is worth.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by moxnix
    Stange, I know of ten members just off the top of my head that run some of those ancient OS's that are only found in the history books. Not everybody can afford (or wants to ) to run bleeding edge technology. Perhaps even if it is not of interest to you, it might be for them. But you have that covered in the first part.
    I was running an old OS up until last week, and oddly enough, it was unaffected by this. There are ten AO members out there using unpatched Ping-Of-Death-able OSes? I suggest that perhaps you do some directed education of these people then, so they can be brought up to at least six years ago in terms of security.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Chris:

    There are ten AO members out there using unpatched Ping-Of-Death-able OSes?
    Yes, but we don't connect them to the internet so it doesn't matter.

    I think the point of the thread is that the POD is so old it should be extinct, so what is really going on?

    I vaguely remember the POD from about the mid-1990's? AFAIK It would run on Win 3.11 (some), Win95, NT3.51 and NT4 (I think it got fixed with SP3).

    Anyway, I don't see many people going on the net with the first three of those and if you are running NT4, you should be at SP6a. My point is that there shouldn't be any targets left. That is why I am not entirely convinced by the skiddie theory, if they don't get any results they will get bored and find something else to do?

    I will take a wild guess, and suggest that Mox's router is being too sensitive. I believe that it may be detecting fragmented packets and giving a false positive for POD.

    I have heard that Win XP fragments packets for whatever reason and that this can cause problems with some routers.

    Also there all these chat and P2P things going around looking for people to chat with, or music to share.

    No idea how to do it, but it would be interesting to send a fragmented packet to the router, smaller than that required for a POD, and see what the reaction is?

    There does seem to be something going on maybe it is just the router overreacting but why all of a sudden?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides