Understanding Ping of Death Attacks

OS-specific DoS attacks, such as ping of death attacks, can cripple a system with minimal effort.

The maximum allowable IP packet size is 65,535 bytes, including the packet header, which is typically 20 bytes. An ICMP echo request is an IP packet with a pseudo header, which is 8 bytes. Therefore, the maximum allowable size of the data area of an ICMP echo request is 65,507 bytes (65,535 - 20 - 8 = 65,507).

However, many ping implementations allow the user to specify a packet size larger than 65,507 bytes. A grossly oversized ICMP packet can trigger a range of adverse system reactions such as denial of service (DoS), crashing, freezing, and rebooting.

When you enable the ping of death screen option, Junos OS detects and rejects such oversized and irregular packet sizes even when the attacker hides the total packet size by fragmenting it. See Figure 82.

Note: For information about IP specifications, see RFC 791, Internet Protocol. For information about ICMP specifications, see RFC 792, Internet Control Message Protocol. For information about ping of death attacks, see http://www.insecure.org/sploits/ping-o-death.html.

Figure 82: Ping of Death

Image g030609.gif

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.