Ping and Ping of Death – what and how
- Comments Off on Ping and Ping of Death – what and how
Ping
is a network software utility that sends a packet to the target machine and the target machine will reply back if it receives that packet. This way we can know that the target is online (connected to the lan or wan). It’s one of the most used utilities for identifying network problems.
MyPc->ICMP Echo request-> Target ->ICMP Echo response-> MyPc
Ping
is sending an ICMP Echo packet request
request and when the target receives this packet will reply back with an ICMP Echo response. The ICMP header starts after the IPv4 header and is identified by IP protocol number. All ICMP packets have 8-bytes header and variable-sized data section. The first 4 bytes of the header have fixed format, while the last 4 bytes depend on the type/code of that ICMP packet.
A ping packet can have up to 65536 bytes. This is the negative side of the ping packet. Someone can increase the size of the ping packet unnaturally, forming a malformed ping packet. Sending malformed ping packets is a type of attack and is called “Ping of death” attack.
How Ping of Death attack works?
The packets are sent and received in fragments. One fragment is of 8 octet size. So, the target machine will reassemble the malformed packets.
The whole assembled packet can cause buffer overflow at the target machine especially when sending so many packets that the target gets over-utilized and can crush and hang (Denial of Service)
Perform DoS attack using ping of death!
1. Open Notepad
2. Copy the following lines on the notepad
:loop
ping <IP Address> -l 65500 -w 1 -n 1
goto :loop
3. Replace <IP Address> with the ip address of the target machine
4. Save the Notepad file. For example pingofdeath.txt
5. Right click on the file and rename it. Rename the extension from .txt to .bat so that your file is now pingofdeath.bat
6. Double click the file and it will popup a cmd window that will start pinging the target ip.
NOTE: this might not work on all computer.
Attacking computers unauthorized is illegal and not recommended in any way. This article is just for educational purposes and you can test it on your own machines 🙂