This article series is intended to help
you understand some of the terms and technologies employed by
hackers. With this knowledge, you will be better able to
ensure that your computer system (or network if you are a
system administrator) is adequately protected and safe from
prying eyes and unknown fingers.
Ping Of Death
One of the very first things that you do when you are
trying to debug network issues is to "ping" systems. What Ping
does is very simple: it more or less sends out a "hello, are
you there?" packet and gets back a "sure, I am here" response.
This tests that the routing between your system (or the
system which issues the Ping command) and the target system
works, and that the target system's network interface is
configured well enough that it can respond.
Ping stands for "Packet Internet or Inter-Network Groper."
The acronym was intentionally created because the originators
of the term wanted to match the submariner's term for the sound
of a returned sonar pulse.
The "ping of death" is used by hackers to crash or disable
servers and other computer systems. This puts it in the
"denial of service" category, in that the computer and all of
its services become unavailable after the ping of death
attack.
Here is the basic theory. The largest packet (a piece of
information, analogous to a letter and envelope) that is
allowed by the TCP/IP protocol is 65,536 bytes (characters)
long. The TCP/IP protocol also has the ability to break one of
these packets down into multiple fragments, which makes it
easier or more efficient to send the data.
In 1996, some clever hackers figured out that they could
break down a packet in a special way or sequence such that the
sum of the lengths of all of the fragments was more than
65,536 bytes long. Effectively, the packet was sent at one
size and received at a different size.
As it turned out, many receiving machines did not
understand what to do with these malformed packets. Instead of
simply rejecting them (which is what they should have done),
the machines crashed, locked up or performed very slowly.
The ping of death was largely countered by patching
operating systems and applications, and later simply writing
the code such that it could safely reject these packets. In
addition, virtually all firewalls will detect and prevent this
kind of attack.
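The fix described above comes down to one bounds check in the fragment reassembly code. The following is an added example, not code from the original article or from any real network stack: a toy IPv4 reassembler in Python that rejects any fragment whose offset plus payload would push the reassembled datagram past the 65,535-byte limit, fed with fragment headers constructed in-process (the source and destination addresses and the 20-byte header length are assumptions).

```python
import struct

MAX_DATAGRAM = 65535   # largest IPv4 datagram the 16-bit length field can describe
IHL = 20               # minimal IPv4 header length, assumed for every constructed fragment

def make_fragment(ident: int, offset: int, more: bool, payload: bytes) -> bytes:
    """Build a minimal IPv4 fragment (header + payload). Constructed test input; no checksum."""
    assert offset % 8 == 0 and offset // 8 <= 0x1FFF, "offset must fit the 13-bit field"
    flags_off = (0x2000 if more else 0) | (offset // 8)   # MF flag, then 8-byte offset units
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, IHL + len(payload), ident, flags_off,
                         64, 1, 0,                                 # TTL, protocol (ICMP), checksum
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")  # assumed src / dst
    return header + payload

def parse_fragment(packet: bytes):
    """Return (ident, byte offset, more-fragments flag, payload) from one IPv4 fragment."""
    ver_ihl, _tos, total_len, ident, flags_off = struct.unpack("!BBHHH", packet[:8])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_off & 0x1FFF) * 8          # 13-bit field counts 8-byte units
    more = bool(flags_off & 0x2000)            # MF flag
    return ident, offset, more, packet[ihl:total_len]

def reassemble(fragments) -> bytes:
    """Reassemble one datagram, refusing fragments that would overrun the IPv4 size limit."""
    buf = bytearray()
    for frag in fragments:
        ident, offset, more, payload = parse_fragment(frag)
        end = offset + len(payload)
        # The check that defeats the ping of death: the reassembled payload must still
        # fit below the 65,535-byte datagram limit once the header is put back in front.
        if end > MAX_DATAGRAM - IHL:
            raise ValueError(f"fragment id={ident} ends at byte {end}: beyond datagram limit")
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))   # grow only within the checked bound
        buf[offset:end] = payload
    return bytes(buf)
```

A normal 3,000-byte ping split into three fragments reassembles cleanly; a sequence whose last fragment claims the maximum offset (65,528) plus a full-size payload is rejected instead of overrunning the buffer.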