article featured image


Ping of Death (PoD) is a sort of DoS attack in which an attacker sends faulty or large data packets using the simple ping command to crash, destabilize, or freeze the targeted machine or service. This kind of DoS attack leverages patched legacy weaknesses.

In 1997, a flaw in the implementation of how operating systems processed IPv4 ICMP packets led to the discovery of the first Ping of Death. This fault was the root cause of the problem. Ping packets, also known as ICMP ECHO REQUEST packets, are supposed to be 64 bytes long, although this length was not strictly enforced. Any ping packet with a length that is longer than 65536 bytes, which is the maximum value that is anticipated to be allowed in the length field, will cause a system to crash.

How Does Ping of Death Work?

Computers utilize a “ping” to test network connections using ICMP echo-reply messages, which means that the system delivers a pulse that echoes to provide operator network information. When the link works, target computers react to source machines, which engineers utilize.

The size of a properly formatted IPv4 packet, including the IP header, is 65,535 bytes. The entire payload size is 84 bytes, making the overall size of the packet 65,535 bytes. The majority of older computer systems simply were unable to process bigger packets and would become unusable if they were presented with one.

As a general rule, attackers will transmit faulty packets in fragments. This is because it is a violation of the Internet Protocol to send a ping packet that is longer than 65,535 bytes. Memory overflow is a potential problem that might result in a variety of system issues, including a system crash, when the target machine tries to reassemble the pieces but ends up with an enormous packet.

Attacks using the Ping of Death were especially successful due to the fact that the attacker’s identity may be readily disguised. In addition, an attacker using Ping of Death would only need to know the machine’s IP address in order to be successful in their attack; they would not need any other specific information about it.

A ping of death is small in scale, and fairly basic, so it’s mostly efficient against particular devices. However, if multiple computers come together, it’s possible for a handful of these to bring down a smallish website without the proper infrastructure to deal with this threat.

How to Mitigate the Ping of Death Risk?

A company may defend itself against the threat of ping of death assaults by avoiding the usage of old equipment and making sure that all of its devices and software are kept up to date at all times. Blocking fragmented pings and raising memory buffers are two further ways to prevent the ping of death and lower the chance of memory overflows, both of which help to avoid the ping of death.

Stop ICMP Ping Messages From Being Received

The majority of networks make use of firewalls, which offer businesses the ability to suppress ICMP ping packets. They will be able to stop ping of death assaults if they do this, but it is not a realistic method since it lowers performance and reliability and prevents valid pings from being sent. Additionally, they are not optimal since incorrect packet assaults may be initiated using listening ports such as File Transfer Protocol (FTP).

Utilize Services That Protect Against DDoS Attacks

The use of services that guard against distributed denial-of-service assaults, often known as DDoS attacks, is a more effective strategy for protecting networks from ping-of-death attacks. Organizations that have protection against DDoS assaults are able to stop faulty packets before they can reach their target, which eliminates the possibility of a ping of death happening.

How Can Heimdal Help?

DNS is a vital digital structure and one of the Internet’s foundations, which integrates everything related to the IT infrastructure – basically, all the information that circulates between servers and users.

Heimdal Threat Prevention does not function in the same way as a conventional antivirus program but rather works in conjunction with it. It provides proactive protection against Internet threats, as contrast to the reactive protection provided by a typical antivirus program.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® DNS Security Solution

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your endpoints.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Taking reactive security measures leaves you vulnerable to significant dangers. The proverb “Prevention is better than cure,” which originated in the medical field, is one that many of us are acquainted with. Cybersecurity is not an exception to this rule. Security that is proactive is preferable than security that is reactive and offers long-term advantages.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *