>Hi Urban !
>> Just performing a sanity check. The "Killer Ping", "Ping o' Death" whatever
>> is only a concern from hosts on the SAME network, right? Once the packet
>> goes through a router it gets fragmented and re-assembled, right? Does re-
>> assembly still cause the machine to crash?
>Yes, it will crash. It is not the individual packet which is the problem.
>It is all packets which together form a deadly ICMP. However its not
>only the ICMP which gives you this problem, but probably most protocols.
>The only fix possible is to get it right at the kernel level for
>No simple device (like a gateway) can remove the problem by doing sanity
>check. To do that it would have to keep track of all packets in all
>connections. This is not feasable without using a lot of both RAM
>and processing power. Worst of all, it will introduce unacceptable latency.
When I received the patch for my ALPHA systems it changed a module
which belongs to the packet defragmenter/reassembler. This indicate
that the problem was higher up than anything a router or firewall can
block. It might crash the firewall. It might crash anything that had
to use the complete packet. Just moving packet fragments around
wouldn't cause a problem as far as I can tell. Given length limits on
various media there's a limit to how big a fragment can be.
Experiments here seem to show this anyway. Please keep in mind
that I could be completely wrong. It's been known to happen.
Chris Johnson Internet: johnson @
Assistant Director, Systems BITNET: johnson @
Division of Academic Computing Voice: 617.373.3300
Northeastern University, 39RI FAX: 617.373.8600
360 Huntington Ave. Half of all doctors graduated
Boston, MA. U.S.A. 02115 in the lower 50% of the class