Check or Attack Name: pingbomb

The "Ping of Death" attack involves transmitting an ICMP echo packet greater than 65535 bytes in length to a vulnerable machine. The IP specification prohibits packets this large from being created, however, fragmentation allows this packet to be transmitted. The vulnerability exists in the reassembly code of the victim system's networking stack. Once the packet has been reassembled the packet may be too large to fit in the allocated buffer causing an overflow. This can cause certain systems to crash, reboot, or behave in unpredictable ways. This attack is not limited to ICMP and can be exploited with any protocol that uses IP.

Obtain a patch from your vendor. It may be possible to deny packets of this nature from entering your network; refer to your router's documentation.

Mike Bremford's Web Site, The Ping o' Death Page, http://www.sophist.demon.co.uk/ping/

IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-1996:006.1, Newly Available Patches for IBM AIX(r) Address `SYN Flood' and `Ping o' Death' Vulnerabilities, http://www-1.ibm.com/services/brs/brspwhub.nsf/advisories

Silicon Graphics Inc. Security Advisory 19961202-01-PX, TCP SYN and Ping Denial of Service Attacks, ftp://sgigate.sgi.com/security/19961202-01-PX

CERT Advisory CA-96.26, Denial-of-Service Attack via ping, http://www.cert.org/advisories/CA-96.26.ping.html