DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  Ping

SYSTEMS AFFECTED

  Win NT 3.51, 4.0
  Ping Of Death

PROBLEM


    Large packet pings (PING -l  65527 -s 1 hostname) otherwise  known
    as  'Ping  of  Death'  can  cause  a  blue screen of death on 3.51
    systems:

        STOP: 0X0000001E
        KMODE_EXCEPTION_NOT_HANDLED - TCPIP.SYS

    or

        STOP: 0x0000000A
        IRQL_NOT_LESS_OR_EQUAL - TCPIP.SYS

    NT 4.0 is vulnerable when sending large packets, but does not crash
    on receiving large packets.

    Some versions of all Windows based operating systems are vulnerable
    to larger than normal ICMP packets. If someone were to issue the
    ping command, specifying a large packet size of 64k, then the TCP/IP
    stack will cease to function correctly. This effectively takes the
    system offline until rebooted -- and thus, successfully achieves a
    denial of service attack.

    The following command can be used to test for the problem:

        ping -l 65524 host.domain.com

EXPLOIT

SOLUTION

    Stopping the Ping of Death is not so hard, just install the latest
    Service Packs or updates, depending on what Windows operating system
    you're running.

    Windows NT 4.0
        ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/

    Windows NT 3.51
        ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt351/

    Windows 95
        http://www.microsoft.com/windows/common/contentW95UGA.htm
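
An added example, not part of the original advisory: an IPv4 datagram cannot legally exceed 65535 bytes, so the oversized pings described above arrive as fragments, and a filter or monitor can flag any fragment whose offset plus length runs past that limit. The names check_fragment and make_header are hypothetical, and the sample headers are constructed assuming a 1500-byte MTU.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IPV4_MAX_DATAGRAM 65535u   /* limit of the 16-bit Total Length field */
enum frag_verdict { FRAG_MALFORMED = -1, FRAG_OK = 0, FRAG_OVERSIZE = 1 };

/* Inspect a raw IPv4 header (len bytes captured) and decide whether this
 * fragment would push the reassembled datagram past 65535 bytes.
 * This fragment's header length stands in for the first fragment's. */
enum frag_verdict check_fragment(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t ihl   = (uint32_t)(pkt[0] & 0x0F) * 4;        /* header bytes */
    uint32_t total = ((uint32_t)pkt[2] << 8) | pkt[3];     /* this packet's length */
    if (ihl < 20 || ihl > len || total < ihl)
        return FRAG_MALFORMED;
    /* Fragment offset: low 13 bits of bytes 6-7, counted in 8-byte units. */
    uint32_t offset  = ((((uint32_t)pkt[6] << 8) | pkt[7]) & 0x1FFF) * 8;
    uint32_t payload = total - ihl;
    /* Reassembled size = one header + data up to the end of this fragment. */
    if (ihl + offset + payload > IPV4_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Build a constructed 20-byte IPv4/ICMP header (no options, checksum left 0). */
void make_header(uint8_t h[20], uint16_t total_len, uint16_t off_units, int more)
{
    for (int i = 0; i < 20; i++) h[i] = 0;
    h[0] = 0x45;                                   /* version 4, IHL 5 */
    h[2] = (uint8_t)(total_len >> 8);
    h[3] = (uint8_t)(total_len & 0xFF);
    h[6] = (uint8_t)((more ? 0x20 : 0) | (off_units >> 8));
    h[7] = (uint8_t)(off_units & 0xFF);
    h[9] = 1;                                      /* protocol: ICMP */
}

int main(void)
{
    uint8_t h[20];
    /* Constructed: last fragment of an 8 + 65527 byte ICMP message. */
    make_header(h, 435, 8140, 0);
    printf("verdict=%d\n", (int)check_fragment(h, sizeof h));
    return 0;
}
```

The largest legal echo payload is 65507 bytes (65535 minus the 20-byte IP header and 8-byte ICMP header), so both sizes quoted in this advisory fall past the limit.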