The type of denial-of-service (or “DoS”) known as the Ping of Death (or “POD”) is an attack in which the attacker deliberately sends oversized ping packets to the target computer. Ping packets are normally 32 bytes in size (84 bytes taking the IP header into consideration) and many computer systems cannot handle a ping packet larger than 65,535 bytes – the maximum ping packet size. A malicious ping this large causes most computer systems to crash.
Sending a ping larger than 65,535 bytes violates the Internet Protocol as specified in RFC 791, so those carrying out POD attacks send packets that large through fragmentation. The receiving computer then reassembles the oversized ping packet, resulting in a buffer overflow, which typically crashes the computer. This was an easy exploit to carry out against earlier TCP/IP implementations. Historically, this exploit has affected the majority of operating systems and networks – widespread fixes in the late ’90s have largely rendered this exploit ineffective.
The fix for POD attacks entailed adding checks to the ping packet reassembly process that ensure the sum of the packet fragments’ sizes is smaller than 65,535 bytes; a packet that fails this check is deemed invalid and ignored. Some firewalls perform this check to protect hosts lacking the bug fix. Another fix uses a memory buffer larger than 65,535 bytes for packet reassembly, essentially adding support for packets larger than those allowed.
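The reassembly check described above, as an added example that is not code from this page or from any particular TCP/IP stack. It tests each fragment's end position (offset plus length) instead of summing sizes, which is one way to implement the check; the `frag` and `reasm` structures, the function names and the fixed 20-byte header are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u   /* limit of the 16-bit Total Length field (RFC 791) */
#define IP_HDR_LEN      20u      /* assumption: IP header without options */

/* Hypothetical, simplified fragment descriptor; not a real stack's structure. */
struct frag {
    uint16_t offset_units;  /* 13-bit Fragment Offset field, counted in 8-byte units */
    uint16_t data_len;      /* payload bytes carried by this fragment */
    const uint8_t *data;
};

struct reasm {
    uint8_t  buf[IP_MAX_DATAGRAM - IP_HDR_LEN];  /* room for the largest legal payload */
    uint32_t highest_end;                        /* furthest payload byte written so far */
};

/* Byte position where this fragment's data would end in the reassembled payload.
   Computed in 32 bits so that offset * 8 + length cannot wrap around. */
uint32_t frag_end(const struct frag *f)
{
    return (uint32_t)(f->offset_units & 0x1FFFu) * 8u + f->data_len;
}

/* Returns 0 on success, -1 if the fragment would push the datagram past the
   IP maximum; the caller should then discard the whole reassembly queue. */
int reasm_add(struct reasm *r, const struct frag *f)
{
    uint32_t end = frag_end(f);

    if (end + IP_HDR_LEN > IP_MAX_DATAGRAM)
        return -1;   /* invalid packet: ignore it, as the fix prescribes */

    /* Safe copy: the test above guarantees end <= sizeof r->buf. */
    memcpy(r->buf + (end - f->data_len), f->data, f->data_len);
    if (end > r->highest_end)
        r->highest_end = end;
    return 0;
}
```

The bound has to be tested before the copy, because the offset field alone can address up to 65,528 bytes and the fragment's own length is added on top of that.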
With POD attacks something of a relic in contrast to modern DDoS attacks on the internet, ping flooding – a different sort of ping attack – has largely replaced the Ping of Death as a simple, effective DoS method. Ping flooding is exactly what it sounds like – a process of flooding the target with so much ping traffic that it effectively blocks normal traffic from reaching the system.
