Thursday, September 17, 2015

What Are Ping Flood and Ping of Death?

Ping Flood and Ping of Death are two commonly perpetrated DoS or Denial of Service Attacks.

Let's understand how Ping Flood and Ping of Death are perpetrated.

What is Ping Flood?

Ping Flood is a Denial of Service attack. The attacker sends a large number of ICMP Echo Request (ping) packets to the targeted victim's IP address, mostly by using the flood option of ping. The victim's machine responds to each ICMP packet by sending an ICMP Echo Reply packet.

The victim's machine therefore uses twice the bandwidth the attacker does: once to receive the packets and once to send the replies. So, if the attacker already has much more bandwidth than the victim, the victim's machine gets flooded with network traffic, consumes a large number of CPU cycles and slows down significantly. This attack is called Ping Flood.

What is Ping of Death?

A correctly formed ping packet is typically 56 bytes in size, but any IPv4 packet may be as large as 65,535 bytes. If the attacker sends a malformed, very large ping packet to the victim's IP address, the IP packet reaches the targeted victim split into multiple fragments. When the victim's machine reassembles the IP fragments, it ends up with an IP packet larger than 65,535 bytes. The victim's computer cannot handle that properly and a buffer overflow occurs. This can crash the system and potentially allow the injection of malicious code. This type of attack is called Ping of Death.
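The reassembly problem described above can be caught per fragment, before any buffer is filled: a fragment's header length plus its offset plus its payload must not exceed 65,535 bytes. The following Python sketch is an added example, not code from the original post; the function names, the sample addresses and the constructed fragments are assumptions made for illustration.

```python
import struct

IPV4_MAX_TOTAL = 65535  # largest value the 16-bit Total Length field can hold


def fragment_end(packet: bytes) -> int:
    """Size the reassembled datagram must have to hold this IPv4 fragment."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack(
        "!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header/total length")
    offset = (flags_frag & 0x1FFF) * 8      # offset field counts 8-byte units
    payload_len = total_len - header_len
    return header_len + offset + payload_len


def is_oversized_fragment(packet: bytes) -> bool:
    """True if reassembly would produce a datagram larger than 65,535 bytes."""
    return fragment_end(packet) > IPV4_MAX_TOTAL


def build_fragment(offset_units: int, payload_len: int,
                   more: bool = False) -> bytes:
    """Constructed sample: IPv4 header (protocol 1 = ICMP, checksum left
    at 0 because it is not validated here) followed by a zero payload."""
    flags_frag = (0x2000 if more else 0) | (offset_units & 0x1FFF)
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, flags_frag,
        64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)


if __name__ == "__main__":
    samples = {
        "ordinary 56-byte ping": build_fragment(0, 56),
        "last legal byte": build_fragment(8189, 3),
        "one byte too many": build_fragment(8189, 4),
        "maximum offset": build_fragment(8191, 8),
    }
    for name, pkt in samples.items():
        verdict = "DROP" if is_oversized_fragment(pkt) else "ok"
        print(f"{name:22} end={fragment_end(pkt):5} {verdict}")
```

A reassembly routine or packet filter that applies this check discards the offending fragment instead of copying its data past the end of a 65,535-byte buffer.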

An easy way to avoid these sorts of attacks is to set your router or firewall to ignore ICMP or ping packets from the internet.

