Ping of death??

Discussion in 'OT Technology' started by Achance007, Nov 12, 2003.

  1. Achance007

    I was going through my wireless router logs and a ping of death has been detected?
    Nov/12/2003 08:09:35 Ping of Death Detect 67.33.104.140:33725 68.82.4.27:6881 Packet Dropped
    Nov/12/2003 06:11:42 Ping of Death Detect 63.204.251.106:33475 68.82.4.27:6881 Packet Dropped


    Now I don't broadcast my SSID and I have WEP turned on and I have MAC filtering on. So is this something I need to worry about?? Out of 2 days of logs this is the only occurrence of it. I do live in an apartment building so maybe a neighbor is trying to knock me off?? :dunno:
     
  2. 5Gen_Prelude

    Sounds like the router is doing its job
     
  3. crontab

    Only two packets logged/dropped? Shouldn't there be more?
     
  4. 5Gen_Prelude

    Maybe it's smart enough not to log eleventybillion hits.
     
  5. SLED

    Ping of death is just a single packet with a size greater than 65536 bytes (I believe).
     
  6. 5Gen_Prelude

    Yes, but it doesn't become a ping of death until it's sent multiple times. A single ping won't crash a computer.
     
  7. SLED

    http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci822096,00.html

    Are you guys thinking of a ping flood? Cuz I'm pretty sure that a single IP packet could take down a system. Well, at least up until the point that they fixed the problem.
     
  8. 5Gen_Prelude

    No, the way it works is because the IP packet is too large, it keeps a variable open waiting to process it and its offset once it has been sent. So one ping won't do it because it's only one variable. But each subsequent ping will force a new variable to be created and left open until it gets to the point where there are so many variables open, the OS just takes a dump.
     
  9. SLED

    Correct, but I'm guessing his router is just looking at the packets, checking the size, and dropping anything over the amount. Hence why he's only seeing 1 log entry. Who knows.
     
  10. zero xeal

    Heh, I like to wardrive and my guess is that someone in a car with a laptop did it but only left a few packets cause the light turned green or something, just a thought tho.. and yea, 2 POD packets aren't nearly enough to crash it.
     
  11. Astro

    The definition of the Ping of Death is here:

    http://www.insecure.org/sploits/ping-o-death.html
    (pretty technical from what I've read)

    In a nutshell: 1 ping will do it. An operating system is the target. When the target reassembles the fragments, the last fragment overflows the buffer, overwriting several 16-bit registers, which hoses the OS and causes your machine to lock up or crash.

    This is MUCH different than a Ping Flood which results in a denial of service attack (you end up flooding the target with so many requests that you kill the bandwidth). Some info from Agilent is here:

    http://advanced.comms.agilent.com/routertester/member/journal/JTC_017.html

    I'm not a router/firewall expert, but it would appear your gear is doing its job.
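
The size check guessed at in the thread, and the reassembly overflow described in the last post, can be shown as a fragment bounds check. This is an added example, not part of the original thread and not the router's own logic; the header values and documentation addresses are constructed. It shows that each fragment's own length field is legal and only the fragment offset plus length exceeds the 65535-byte limit.

```python
import socket
import struct

MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram may have
IP_MF = 0x2000        # "more fragments" flag
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units


def parse_fragment(header: bytes):
    """Return (ihl_bytes, payload_len, offset_bytes, more_fragments)."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & OFFSET_MASK) * 8
    return ihl, total_len - ihl, offset, bool(flags_frag & IP_MF)


def reassembled_size(header: bytes) -> int:
    """Size the datagram reaches once this fragment is placed at its offset."""
    ihl, payload_len, offset, _ = parse_fragment(header)
    return ihl + offset + payload_len


def is_oversized(header: bytes) -> bool:
    """True if reassembly would exceed the IPv4 maximum; drop before buffering."""
    return reassembled_size(header) > MAX_DATAGRAM


def make_header(payload_len: int, offset_units: int, more: bool) -> bytes:
    """Constructed sample header: ICMP, documentation addresses, zero checksum."""
    flags_frag = (IP_MF if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, 1, 0,
                       socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.1"))


# Constructed samples: header fields only, no payload bytes.
SAMPLES = {
    "unfragmented echo": make_header(64, 0, False),
    "normal last fragment": make_header(520, 185, False),
    "last fragment past limit": make_header(1480, 8189, False),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name}: size={reassembled_size(hdr)} drop={is_oversized(hdr)}")
```

A filter that applies this check per fragment can drop the offending packet without waiting for reassembly, which would fit a single "Packet Dropped" log entry per event.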
     
