Apologies if I missed a discussion on the Ping of Death.
I just got word of this from a co-worker but I haven't seen it discussed in
this forum yet.
Apparently sending pings of over 64k to certain OSes causes them to crash.
We were able to crash an HP-UX machine running 9.0 here.
Here is the scoop from PC Week dated 11/12/96.
'Ping of Death' security flaw discovered. By Norvin Leach

A large number of operating systems and network firmware may be
vulnerable to a newly discovered TCP/IP flaw called the "Ping of Death,"
which overloads and crashes a system by sending excessively large packets.

Information on the flaw can be found at
http://www.sophist.demon.co.uk/ping/.

According to the posting, most of the affected systems are Unix-based,
although Windows NT 3.51 users have reported problems, as have users of
NetWare 3.x.

Hewlett-Packard Co. has posted a patch for certain versions of HP-UX.
Other companies, including SunSoft Inc., are working on patches for
affected versions of their operating systems.

Patches are also available for AIX, Linux, Digital Unix and OpenVMS.

(Note that some firewall vendors can block extra large pings, FireWall-1
for one. Check the above Web site for a lot more details.)
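
The kind of check a packet filter can apply to block extra large pings, as an added example that is not part of the original post or the PC Week article. It assumes the oversized packet arrives as IPv4 fragments (a single IPv4 packet cannot exceed 65535 bytes), and the function names and sample packets are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IPv4 total-length field can hold
ICMP = 1

def sample_fragment(offset_bytes, data_len, more_fragments, proto=ICMP):
    """Constructed sample input: a 20-byte IPv4 header followed by zero-filled data."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + data_len, 0x1234, flags_frag,
                         64, proto, 0,                      # TTL, protocol, checksum (unused here)
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # documentation addresses
    return header + bytes(data_len)

def oversized_on_reassembly(packet):
    """True if this fragment would push the reassembled datagram past 65535 bytes."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8      # fragment offset is carried in 8-byte units
    data_len = total_len - header_len
    # Header of the rebuilt datagram plus the last byte this fragment would write.
    return header_len + offset + data_len > MAX_IP_DATAGRAM

def filter_packets(packets):
    """Return (passed, dropped) lists, dropping fragments that overflow on reassembly."""
    passed, dropped = [], []
    for pkt in packets:
        (dropped if oversized_on_reassembly(pkt) else passed).append(pkt)
    return passed, dropped

if __name__ == "__main__":
    traffic = [
        sample_fragment(0, 64, False),        # ordinary unfragmented ping
        sample_fragment(64000, 1515, False),  # last fragment, datagram is exactly 65535 bytes
        sample_fragment(65528, 8, False),     # last fragment, datagram would be 65556 bytes
    ]
    ok, bad = filter_packets(traffic)
    print(f"passed={len(ok)} dropped={len(bad)}")
```

The check is applied per fragment and needs no reassembly state, so a filter can drop the offending fragment before the destination host ever tries to rebuild the datagram.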