Ping of Death (PoD)

16th February 2021 | Cybrary

A Ping of Death (PoD) is a type of Denial of Service (DoS) attack that deliberately sends IP packets larger than the 65,536 bytes allowed by the IP protocol. One of the features of TCP/IP is fragmentation; allowing a single packet to be broken down into smaller segments.

This DoS attack started back in the 90’s, where most operating systems didn’t know what to do when they received an oversized packet, so they froze, crashed, or rebooted. Ping of Death attacks are particularly brutal because the identity of the attacker sending the oversized packet could be easily ‘spoofed’ since the attacker doesn’t need to know anything about the victim, except their IP address. By the end of the 90’s, operating systems made patches available for users to avoid the ping of death. Still, many sites block Internet Control Message Protocol (ICMP) ping messages at their firewalls to prevent any future variations of this kind of denial of service attack.

What does this mean for an SMB?

A Distributed Denial of Service attack may pose a potential threat against gambling companies or other mid-to-large enterprises such as banks and defense contractors. DDoS attacks are rarely used against SMB’s unless they upset a hacker group. In other cases, one hacking group against another.

We are not saying it won’t happen, but the cost of protection is so great in many cases, the advice to an SMB is to know what it is, and establish a relationship with a DDoS protection vendor without paying for protection. DDoS protection vendors include Arbor Networks, AT&T, Verizon, and Akamai. Mid-to-Large enterprises should have contracts in place to protect themselves in seconds when hit with a DDOS attack. SMB’s should not.