SOLUTIONS
Deliver Superior Online Experiences
Mitigate DDoS Attacks Stop Malicious Bot Abuse Accelerate Internet Applications Ensure Application Availability Optimize Web Experiences Stream Videos On-Demand Superior Online Experience for China Users
Secure Employee Applications and Devices
Deliver Zero Trust Access to Applications Implement Secure Access Service Edge (SASE) Protect Users Accessing the Internet Protect Corporate Networks Manage Secure Contractor Access Replace Virtual Private Networks (VPNs) Secure Your Remote Workforce Stop Zero Day Attacks with Browser Isolation
 
Protect and Accelerate Networks
Cloudflare's Network Services Mitigate L3 DDoS Attacks Connect network infrastructure with Cloudflare Transform Corporate Networks
Code on the Network Edge
Build a Serverless Application Deploy a Static Website Configure a CDN Define Conditional Request Routing
Manage a Secure Cloud
Secure Hybrid, Cloud, & SaaS Platforms Enable SSL for SaaS Applications Reduce Cloud Data Transfer Costs
Register a Website
Register or Transfer a Website
INDUSTRIES
eCommerce Financial Services Gaming Healthcare and Life Sciences Media and Entertainment Public Sector SaaS Education
PUBLIC INTEREST
Election Campaigns Athenian Project Project Galileo Project Fair Shot
FOR INFRASTRUCTURE
Application & Network Security
API Shield Bot Management DDoS Protection Magic Transit Magic WAN Network Interconnect Rate Limiting TCP / UDP Applications SSL / TLS SSL/TLS for SaaS Providers WAF
Performance & Reliability
Argo Smart Routing CDN China Network DNS Load Balancing Stream Delivery Waiting Room
FOR TEAMS
Cloudflare for Teams Access Gateway Browser Isolation
FOR DEVELOPERS
Serverless Applications
Cloudflare Workers Cloudflare Workers KV
Domain Registration
Cloudflare Registrar
Website Development
Cloudflare Pages Cloudflare Stream
SaaS Developers
Cloudflare for SaaS
FOR EVERYONE
1.1.1.1 1.1.1.1 with WARP (App) 1.1.1.1 for Families
INSIGHTS
Analytics Cloudflare Logs Web Analytics Cloudflare Radar
PRIVACY
Data Localization Compliance
FOR INFRASTRUCTURE
Advanced Security
Bot Management Firewall rules Magic Transit Spectrum (TCP/UDP) SSL WAF
Performance & Reliability
CDN DNS Image Resizing Load Balancing Stream (Video)
 
Insights
Analytics
Domain Registration
Registrar
FOR SERVERLESS APPLICATIONS
Workers Quick Start Cloudflare Pages Sample Workers Projects Workers Tutorials Command-line (Wrangler) Runtime
FOR TEAMS
Cloudflare for Teams
EXPLORE CLOUDFLARE API
Cloudflare API API Authentication
DOCUMENTATION HUB
Dev Documentation Hub
RESOURCES
Resource Hub Whitepapers Webinars Solutions & Product Guides Case Studies Analysts
EXPLORE
What's New? Network Map Cloudflare in China GDPR
GET STARTED
Register Your Website Welcome Center Get Help
LEARN
Learning Center Security DDoS Bot Management SSL Identity and Access Management Performance CDN DNS Cloud Serverless Network Layer
CONNECT
Blog Community
TRUST
Trust Hub Privacy & Data Protection Certifications Trust & Safety GDPR Legal Documentation
CONTACT
+1 650 319 8930
CHANNEL & ALLIANCE PARTNERS
Partner Network Partner Portal
TECHNOLOGY PARTNERS
Overview Analytics Partners Bandwidth Alliance Endpoint Security Partnerships Interconnect Partnerships Network On-ramp Partnerships Peering Portal
PRICING BY PLAN
Free Pro Business Enterprise
COMPARE AND EXPLORE
Need Help Choosing a Plan? Add Ons Compare All Plans

Ping of Death Attack

A DoS attack that aims to disrupt a web server by sending out abnormally large packets.

Share facebook icon linkedin icon twitter icon email icon
What is a DDoS Attack?
What is a Botnet?
Common DDoS Attacks
DDoS Attack Tools
DDoS Glossary of Terms
Famous DDoS Attacks
Memcached DDoS Attack
NTP Amplification Attack
DNS Amplification Attack
SSDP Attack
DNS Flood
HTTP Flood
SYN Flood Attack
UDP Flood Attack
Ping (ICMP) Flood Attack
Low and Slow Attack
Application Layer Attack
Cryptocurrency Attacks
Smurf Attack (historic)
Ping of Death (historic)
How to DDoS
Low Orbit Ion Cannon
High Orbit Ion Cannon
R U Dead Yet? (R.U.D.Y.)
Slowloris Attack
DDoS Booter/IP Stresser
DDoS Mitigation
Blackhole Routing
Denial Of Service
DNS
HTTP
ICMP
IP Spoofing
Malware
OSI Model
TCP/IP
UDP
WAF
Internet Of Things (IOT)
Mirai Botnet
Internet Protocol (IP)

Ping of Death

Learning Objectives

After reading this article you will be able to:

  • Define a Ping of Death (POD) attack
  • Explain how a POD attack works
  • Explain mitigation strategies for POD attacks

Related Content

Low And Slow Attack

Smurf Attack

What Is Malware?

R U Dead Yet (R.U.D.Y.)

Slowloris DDoS Attack

What is a Ping of Death attack?

A Ping of Death attack is a denial-of-service (DoS) attack, in which the attacker aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size, causing the target machine to freeze or crash. The original Ping of Death attack is less common today. A related attack known as an ICMP flood attack is more prevalent.

How does a Ping of Death work?

An Internet Control Message Protocol (ICMP) echo-reply message or “ping”, is a network utility used to test a network connection, and it works much like sonar – a “pulse” is sent out and the “echo” from that pulse tells the operator information about the environment. If the connection is working, the source machine receives a reply from the targeted machine.

While some ping packets are very small, IP4 ping packets are much larger, and can be as large as the maximum allowable packet size of 65,535 bytes. Some TCP/IP systems were never designed to handle packets larger than the maximum, making them vulnerable to packets above that size.

Ping of Death DDoS Attack

When a maliciously large packet is transmitted from the attacker to the target, the packet becomes fragmented into segments, each of which is below the maximum size limit. When the target machine attempts to put the pieces back together, the total exceeds the size limit and a buffer overflow can occur, causing the target machine to freeze, crash or reboot.

While ICMP echo can be used for this attack, anything that sends an IP datagram can be used for this exploit. That includes TCP, UDP and IPX transmissions.

How is a Ping of Death DDoS attack mitigated?

One solution to stop an attack is to add checks to the reassembly process to make sure the maximum packet size constraint will not be exceeded after packet recombination. Another solution is to create a memory buffer with enough space to handle packets which exceed the guideline maximum.

The original Ping of Death attack has mostly gone the way of the dinosaurs; devices created after 1998 are generally protected against this type of attack. Some legacy equipment may still be vulnerable. A new Ping of Death attack for IPv6 packets for Microsoft Windows was discovered more recently, and it was patched in mid 2013. Cloudflare DDoS Protection mitigates Ping of Death attacks by dropping malformed packets before they reach the targeted host computer.

Previous Lesson: Smurf Attack (historic)

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.