Ping of Death averted

A fix is released for the latest trend in "denial-of-service" assaults: the so-called Ping of Death attack.

CNET News staff
2 min read
The Network Systems Group of StorageTek (STK) is releasing a fix for the latest trend in "denial-of-service" assaults: the so-called Ping of Death attack.

The fix, announced today, is the latest of many that have been released in recent weeks as the Ping of Death has grown in popularity. The Network Systems fix only applies to its own system. Several other companies put out fixes almost immediately, but there are still systems that remain unprotected.

Like all denial-of-service attacks, the Ping of Death does not actually damage the system it is attacking. Instead, it prevents users from using a system during an attack.

Unlike the last denial-of-service attack to gain fame--the so-called SYN flood assault--the Ping of Death has not caused any major outages, according to David Kennedy, a security analyst National Computer Security Association.

But like most hackings, it has caused some problems with systems being taken down for short times. The attack takes advantage of one of the most basic aspects of the Internet, known as "ping," technically an ICMP (Internet Control Message Protocol) echo.

Ping works like sonar. It is a command sent from one machine to a remote one to check on the latter's status.

"It is used to see if another machine is alive by firing a tiny piece of data at the machine and seeing if it comes back," explained Mike Bremford, who is hosting a comprehensive site on the attack, called The Ping o' Death Page.

"Because it's such a basic building block of the Net, everyone has it--which is why if something goes wrong, a whole lot of people are affected," Bremford said.

In a Ping of Death attack, instead of sending a small ping to serve its function, the user sends a giant one that overwhelms the remote machine and shuts it down temporarily. Usually it causes the machine to reboot or otherwise shut down until someone starts it up again.

As Bremford put it, "What we have here is instead of sending a tiny, wee packet at the remote machine, we throw a ton of bricks at it, and it falls over."

Someone apparently discovered that the Windows 95 machine is perfectly suited for the Ping of Death attack and proceeded to spread the word late last month.

Fortunately, the problem is relatively easy to fix. In fact, the Network Systems fix, which basically blocks large pings, is only about four lines and takes a few seconds--if that long--to download, said Sharon Kahn, a system test manager for Network Systems.

Several others have also put out fixes. "There are a lot of patches out and almost as many that aren't patched," Kennedy said. "Right now, it seems like it's a vulnerability, and people are fixing it, but it seems more theoretical than anything."