OS-specific DoS attacks such as ping of death attacks can cripple a system with minimal effort.
Before You Begin: For background information, read OS-Specific DoS Attacks Overview.
The maximum allowable IP packet size is 65,535 bytes, including the packet header, which is typically 20 bytes long. An ICMP echo request is an IP packet with a pseudo header, which is 8 bytes long. Therefore, the maximum allowable size of the data area of an ICMP echo request is 65,507 bytes (65,535 - 20 - 8 = 65,507).
However, many ping implementations allow the user to specify a packet size larger than 65,507 bytes. A grossly oversized ICMP packet can trigger a range of adverse system reactions such as denial of service (DoS), crashing, freezing, and rebooting.
When you enable the ping of death screen option, JUNOS Software detects and rejects such oversized and irregular packet sizes even when the attacker hides the total packet size by purposefully fragmenting it. See Figure 151.
Note: For information about IP specifications, see RFC 791, Internet Protocol. For information about ICMP specifications, see RFC 792, Internet Control Message Protocol. For information about ping of death attacks, see http://www.insecure.org/sploits/ping-o-death.html.
Figure 151: Ping of Death
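
The size limit described above can be checked on each fragment without reassembling the packet, because the fragment offset plus the fragment's payload gives the size the reassembled packet must reach. The following is an added example, not JUNOS code: the function names and the sample headers are constructed for illustration, and it assumes the first fragment carries a header of the same length as the fragment being inspected.

```python
import struct

MAX_IP_PACKET = 65535  # maximum IP packet size in bytes, header included

def build_header(total_len, offset_units, more_fragments):
    """Constructed 20-byte IPv4 header (protocol 1 = ICMP) used as sample input."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def fragment_end(ip_header):
    """Size in bytes the reassembled packet must reach to hold this fragment."""
    if len(ip_header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack(
        "!BBHHH", ip_header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header or total length")
    offset = (flags_frag & 0x1FFF) * 8   # offset field counts 8-byte units
    payload = total_len - header_len     # data carried by this fragment
    return header_len + offset + payload

def is_oversized(ip_header):
    """True when the fragment implies a packet larger than 65,535 bytes."""
    return fragment_end(ip_header) > MAX_IP_PACKET

# Constructed sample headers (no packets are sent or captured).
SAMPLES = {
    "ordinary echo request, unfragmented": build_header(84, 0, False),
    "last fragment of a 65,507-byte ping": build_header(415, 8140, False),
    "fragment extending past the limit": build_header(1500, 8189, False),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        verdict = "REJECT" if is_oversized(header) else "accept"
        print(f"{verdict}  end={fragment_end(header):>5}  {name}")
```

The second sample ends exactly at 65,535 bytes and is accepted; the third is a normal-looking 1,500-byte fragment whose offset alone places its data beyond the limit.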