The Ping of Death, IPv6 and why we’re probably all vulnerable

It’s always helpful when something’s name tells you what you can expect of it. Killer whales, for instance. Probably not a creature you’re going to take a leisurely swim with on vacation. The turtle frog. It’s real, and it’s everything you’re imagining. Usain Bolt. The list could go on for quite some time before reaching the Ping of Death denial of service attack, but that’s the one you need to know about most pertinently. You don’t really need further information to know that the Ping of Death is a terrible thing, but you do need to know what it is and why possibly every internet user is currently vulnerable to it.

Ping of Specific Consequences

The good news surrounding the Ping of Death is that it does not cause a literal death. If it were less hyperbolically named it would probably be the Ping of System Problems Including Crash, but that just isn’t very catchy.

The Ping of Death is a type of denial of service attack, which means its goal is to deny the services of a network resource to its legitimate users. As internet security firm Imperva Incapsula puts it, Ping of Death is an attack in which someone attempts to destabilize, freeze or crash the targeted computer, system or service by sending oversized or malformed packets using a ping command.

Understanding packets and pings

When any type of file, like HTML, an email, or a GIF, is sent from one place to another on the internet, the Transmission Control Protocol (TCP) breaks the file down into pieces that can be efficiently routed. These pieces are referred to as packets. The packets are numbered and include the address of the destination they’re heading to. When the packets arrive, they’re reassembled into the original file.

A ping command is used to test whether or not a host is reachable over the IP network. When used properly, a ping command sends Internet Control Message Protocol (ICMP) Echo Request packets to the host and waits for an Echo Reply. In a Ping of Death attack, an attacker sends the target malformed packets that cannot be properly reassembled. The packets are processed regardless, producing an oversized reassembled packet that can cause a memory overflow, which can lead to a crash.

A legacy of trouble

Ping of Death attacks are generally known for exploiting legacy vulnerabilities that haven’t been patched. However, with every new day comes new opportunities for attackers to find innovative ways to cause trouble over the internet, and that’s exactly what’s happened with a new Ping of Death threat.

The vulnerability exists in IPv6, the current version of the Internet Protocol, which dictates how computers communicate with each other and send data from one place to another across the internet.

The vulnerability exists in what’s called Neighbor Discovery, the ping process used to test the reachability of a neighbor on the same network. The vulnerability allows remote or unauthenticated attackers to send malformed packets to a target, just as in the classic Ping of Death attacks.

The vulnerability was first disclosed by networking giant Cisco, which announced that the vulnerability exists in devices using Cisco’s IOS, IOS XR, NX-OS and IOS XE software. It’s important to note that the vulnerability is by no means Cisco specific, with Juniper announcing that JunOS is vulnerable as well. Though these two companies have been proactive about issuing warnings regarding their own devices and operating systems, it is likely that any IPv6 processing unit that is not capable of dropping these malformed packets early in the processing path is vulnerable. Translation: nearly everyone needs to be informed about this.

Waiting on a patch

Companies like Cisco and Juniper are currently working on patches to rid their devices of this vulnerability, and when they’re released, users need to apply them as quickly as possible. Until those patches are released, however, those concerned about their networks need to look into distributed denial of service and denial of service attack mitigation services that pre-emptively identify all abnormally large packets – even those that are fragmented – and filter them out early in the processing path. This proactive approach eliminates the risk of Ping of Death or other packet-based attacks.
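The filtering idea above can be shown with the classic IPv4 form of the attack. The following is an added example, not code from this article or from any vendor: it checks each fragment header and flags any fragment that would push the reassembled datagram past the 65,535-byte limit. The function names, sample headers and addresses are constructed for illustration, and it covers IPv4 headers only.

```python
import struct

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field, so no datagram may exceed this

def build_header(total_len, frag_units, more_fragments):
    """Constructed sample input: a minimal 20-byte IPv4/ICMP header (checksum left as 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def reassembled_end(header):
    """Byte position at which this fragment would end inside the reassembled datagram."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent length fields")
    offset = (flags_frag & 0x1FFF) * 8      # fragment offset is stored in 8-byte units
    # Assumption: the first fragment's header is the same size as this one.
    return ihl + offset + (total_len - ihl)

def should_drop(header):
    """True if the fragment can only belong to an over-limit datagram, or cannot be parsed."""
    try:
        return reassembled_end(header) > MAX_DATAGRAM
    except ValueError:
        return True  # fail closed on headers we cannot interpret

# Constructed samples: (label, total length, fragment offset in 8-byte units, more-fragments flag)
SAMPLES = [
    ("ordinary echo request", 84, 0, False),
    ("last fragment of a 4000-byte datagram", 1040, 370, False),
    ("fragment ending exactly at the limit", 23, 8189, False),
    ("fragment running past the limit", 1500, 8189, False),
]

if __name__ == "__main__":
    for label, total_len, units, mf in SAMPLES:
        hdr = build_header(total_len, units, mf)
        verdict = "DROP" if should_drop(hdr) else "pass"
        print(f"{verdict:4}  end={reassembled_end(hdr):5}  {label}")
```

Because the check needs only the header of a single fragment, it can run before any reassembly buffer is allocated, which is what filtering early in the processing path means in practice.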

There’s really no wondering whether or not you need to be worried about an attack called Ping of Death. It does you the courtesy of letting you know just what you can expect of it. It’s the Boaty McBoatface of denial of service attacks, and we probably all need to be concerned.