Talk:Ping of death

Latest comment: 6 years ago by 213.112.1.129 in topic datasize issue

How can you create/send a POD? What has been done on the popular operating systems to prevent this buffer overflow from occurring?

It's probably not possible to do this and 'crash' other machines, as the article states that most machines have been fixed to avoid this. From my limited personal research it seems like sending a packet size of 2^16 (65536) or greater will crash the remote machine.
My question here to add is how this is possible? We regularly send data around via TCP/IP which are obviously greater than 2^16 bytes, but the data is split between two packets of < 65535 bytes.
Anyway the question 'what has been done on the popular operating....' can probably be answered using my hypothesis that the machines are somehow set to not receive packets greater than 2^16-1 bytes. How, I'm not sure :) Piepants 23:26, 8 June 2006 (UTC)
edit: after some more research, I am reminded that you can specify packet size from ping commands (type ping /? in your command prompt to see how). I'm sure they fixed it, but if you, say, chose 'ping -l 65536 [hostname]' (-l means specified buffer size), it would do what was done years ago to 'test' this.
:) Piepants 23:31, 8 June 2006 (UTC)

Killing vandals with PODs

This might be an effective way to fight vandals if it wasn't illegal. Wikipedia users would simply send Pings of death to vandals, and their computers crash! --75.26.13.197 00:42, 18 September 2006 (UTC)

... but you DID read the part about the POD bug being fixed for 10 years? 217.196.67.133 14:15, 5 October 2006 (UTC)

₦ this men love —Preceding unsigned comment added by 122.180.11.142 (talk) 14:39, 13 July 2010 (UTC)

NOTHING to do with ICMP ?

When a ping of death is initiated, it is my understanding that the command used, i.e. "ping -l 65536" will cause an oversized ping packet to be sent to the host by inserting 65536 bytes into the ICMP data field. As the ping is sending, then ICMP makes an ICMP_ECHO_REQUEST and this ICMP_ECHO_REQUEST is 65536 bytes. This together with the rest of the IP packet makes it greater than the specified length of IP MTU allowed. The IP packet will be sent fragmented due to its size, but when reassembled at the other end all the pieces will be greater than the maximum allowed for an IP packet since the ICMP_ECHO_REQUEST contains 65536 bytes just on its own, within the ICMP data field. The host will not be expecting to receive an illegally oversized IP packet and will allocate memory space for an IP packet no larger than 65,535 bytes. The host will reassemble the IP packet and place it in the allocated memory space. However, since this IP packet is oversized then the extra data will "overflow" the allocated memory space, thus causing a "buffer overflow". This will affect areas of memory allocated to other processes. If this happens to be executing code, the system will effectively be attempting to run corrupted code causing the system to either hang or crash. Okay so I accept that the problem lies with the reassembly process, but I couldn't agree that it has NOTHING to do with ICMP since it is the ICMP data field that holds the data which makes the IP packet oversized. Please correct me if I am wrong.

The ICMP header does NOT have a field describing the length of the packet. This information is in the IP header, regardless if this is ICMP, UDP, TCP, or any other protocol. You could use the POD attack also with other types of protocols, which are not ICMP. Read section 1.2 in the link to insecure.org

94.192.182.212 (talk) 21:53, 15 June 2009 (UTC) Bob 94.192.182.212 (talk) 21:53, 15 June 2009 (UTC)
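
The bounds check that the reassembly discussion above turns on, as an added C example that is not part of this talk page or of any operating system's code: a fragment is rejected before it is copied if header length plus fragment offset plus fragment length exceeds 65,535. The names `reasm`, `reasm_add` and `count_rejected` are hypothetical, and the 1480-byte fragment size (1500-byte MTU, 20-byte IP header) is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u   /* largest value the 16-bit Total Length field can hold */

/* Hypothetical reassembly buffer for one datagram's payload. */
struct reasm {
    uint8_t  data[IP_MAX_DATAGRAM];
    uint32_t end;                /* highest payload byte received so far */
};

/* Accept one fragment (0) or reject it (-1) BEFORE copying anything.
 * off_field is the 13-bit Fragment Offset field, counted in 8-byte units;
 * the length limit comes from the IP header, whatever protocol is carried. */
int reasm_add(struct reasm *r, uint16_t off_field, unsigned ihl,
              const uint8_t *payload, size_t len)
{
    uint32_t start = (uint32_t)(off_field & 0x1FFF) * 8u;   /* at most 65528 */
    if (ihl < 20 || ihl > 60 || len > IP_MAX_DATAGRAM)
        return -1;
    if (ihl + start + len > IP_MAX_DATAGRAM)   /* header + data must fit in 65535 */
        return -1;
    memcpy(r->data + start, payload, len);
    if (start + len > r->end)
        r->end = start + (uint32_t)len;
    return 0;
}

/* Constructed input: `total` payload bytes cut into 1480-byte fragments
 * (assumed 1500-byte MTU, 20-byte IP header). Returns the number rejected. */
int count_rejected(size_t total)
{
    static struct reasm r;
    static const uint8_t chunk[1480];
    int rejected = 0;
    for (size_t off = 0; off < total; off += sizeof chunk) {
        size_t len = total - off < sizeof chunk ? total - off : sizeof chunk;
        if (reasm_add(&r, (uint16_t)(off / 8), 20, chunk, len) != 0)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    printf("8+65507 bytes: %d rejected\n", count_rejected(8 + 65507));
    printf("8+65536 bytes: %d rejected\n", count_rejected(8 + 65536));
    return 0;
}
```

With an 8-byte ICMP header, 65,507 data bytes is the largest echo request that still fits; the 65,536-byte case from the comment above has only its final fragment refused.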

Ping packet size

According to the article “A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the Internet Protocol header is considered.”, however, the IP header is 20–60 bytes for IPv4 or 40 bytes for IPv6. Does the sentence intend to refer to ICMP header, which is 8 bytes?

Additionally, could we get some source on the number? I see that iputils do use that as a default but what about other implementations? —JTojnar (talk) 01:49, 30 January 2018 (UTC)

datasize issue

"A correctly-formed ping packet is typically 56 bytes in size" bits or Byte? Capital or lower case B makes a difference. — Preceding unsigned comment added by 213.112.1.129 (talk) 05:23, 15 October 2018 (UTC)