What is a Ping of Death?

A ping of death is a form of “denial of service” attack that can be launched against a computer, router, server, printer, and other device over a network such as the Internet. This type of attack became fairly popular among malicious computer users in the late 1990s who wished to overwhelm and shut down other computers and servers. Since that time, however, these sorts of attacks have been mostly eliminated due to fixes in operating system (OS) software for computers and servers. A ping of death attack consists of a signal being sent to a computer or other device that is effectively larger than what the device can handle, resulting in a shutdown, restart, or freeze of the system.

Sometimes referred to as a “Ping o’ Death” or POD, a ping of death refers to an old type of malicious computer attack that has been largely replaced by other forms of denial of service attacks since the beginning of the 21st century. To understand what a POD is, it is often easiest to first understand what a “ping” is in general. A ping is a signal sent between two computers or similar systems, which is used to evaluate the speed in which a signal can transfer between the systems and evaluate any signal loss. It was established as a common practice in the early 1980s and named after the sound made when using sonar to detect objects based on reflected sound waves.

According to standard Internet protocols (IP), the largest IP packet size that can be sent is 65,535 bytes. This is not an absolute limit, but was established as a practical limit to keep systems orderly. One of the major features of IP communication, however, is fragmentation that allows a large packet to be broken down into smaller packets that are transmitted and reassembled before being processed by a receiving system. In the 1990s, people discovered that by using this fragmentation, smaller packets could be sent as a ping signal that once reassembled would excel the 65,535 byte limit; when this message, the ping of death, was then processed it would cause the receiving system to shut down, restart, or freeze up.

Once ping of death attacks began to crash systems, software designers were quick to find ways to protect systems. Ultimately, patches were released for existing software and hardware, with later software using similar protection, to allow systems to determine the size of the fragmented packet before reassembly and to dump the packet if it goes over the size limitation. Although a POD attack is unlikely to work on most modern systems, there are other types of denial of service attacks that have replaced it, such as ping flooding.