Section 11.3 The Ping of Death Sinks Dutch Shipping Company

11.3 The Ping of Death Sinks Dutch Shipping Company

The Ping of Death is a vulnerability discovered late in 1996 whereby an invalid packet is generated and sent. It is invalid because its length is longer than the maximum packet "allowed." Despite the fact that all code should check carefully for "out of bounds" conditions, this problem was in many, many devices that listened on the network, from operating systems to printers.

This problem first came to light by accident because the ping program on most versions of Windows had a bug in that it incorrectly computed the size of the packet requested. This allowed one to request a packet that was larger than legally allowed.

At a firm I consulted for, Dave Barker and I used a test system to see if our UNIX systems really were susceptible to the Ping of Death. They never knew what hit them. When we then telephoned them across the Atlantic Ocean and explained that we were logged into your system via telnet and we lost the connection they said, "Uh, it just crashed. We cannot determine from the logs why it crashed." I do not think that they ever figured it out. We did later suggest that they get the Digital Equipment patch for the Ping of Death, as we sure did the next day.

To our surprise, this illegally large packet made it through numerous routers across 6000 miles and a number of countries without any system handling it detecting that it was invalid and dropping the packet. When I tried the Ping of Death against one of our Linux boxes it did not crash. It just slowed down a bit. One of the arguments against Linux is that it is "unsupported." Well, a patch to prevent the Ping of Death from crashing Linux was available on the Web within an amazing four hours of the problem being reported! Nobody else, not Sun, Digital, Microsoft, or any of the "supported" closed source platforms had a fix out that fast.

As of the 2.0.28 kernel, Linux is immune to the Ping of Death.