Denial of Service : Ping of Death [Kali Linux]

Ping of Death (PoD) Attack:

The Ping of Death (PoD) is a specific type of DoS attack. In a PoD attack, an attacker sends a malformed or oversized packet to a targeted machine, causing the system to crash, freeze, or reboot. Here's how it works:

  • A correct Internet Protocol version 4 (IPv4) packet comprises a maximum of 65,535 bytes, and most legacy computers cannot handle larger packets.
  • Sending a ping larger than this violates the IP rules, so attackers send packets in fragments which, when the targeted system attempts to reassemble them, result in an oversized payload that can cause the system to crash, freeze, or reboot.
  • Routers with no security mechanism (like a firewall) to protect them from this flood of packets are also vulnerable.
  • The vulnerability can be exploited by any source that sends IP datagrams, which include an ICMP echo.
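The reassembly check that patched stacks apply against this, as an added example that is not part of the original post: a minimal IPv4 fragment reassembler that rejects any fragment whose offset and length would push the datagram past the 65,535-byte maximum, run on constructed fragment sets (the tuple layout and the make_fragments helper are this example's own, not any real stack's API).

```python
IPV4_MAX_BYTES = 65535   # maximum total length of an IPv4 datagram (RFC 791)
IPV4_HEADER_LEN = 20     # minimal IPv4 header without options


class OversizedDatagram(ValueError):
    """Reassembly would exceed the IPv4 maximum: the Ping of Death condition."""


def fragment_end(offset_units, payload_len):
    """Byte just past this fragment's data, from the start of the original
    payload. Fragment offsets are in 8-byte units, as in the IPv4 header."""
    return offset_units * 8 + payload_len


def reassemble(fragments):
    """Reassemble (offset_units, more_fragments, payload) tuples into one payload.
    Each fragment is bounds-checked before the buffer grows, so an oversized set
    is rejected instead of overrunning a fixed 64 KiB reassembly buffer."""
    buf, total_len = bytearray(), None
    for offset_units, more, payload in fragments:
        end = fragment_end(offset_units, len(payload))
        if IPV4_HEADER_LEN + end > IPV4_MAX_BYTES:
            raise OversizedDatagram(f"fragment ends at byte {end}, past IPv4 maximum")
        if not more:
            total_len = end          # the last fragment fixes the datagram length
        if len(buf) < end:
            buf.extend(b"\x00" * (end - len(buf)))
        buf[offset_units * 8:end] = payload
    if total_len is None or len(buf) != total_len:
        raise ValueError("incomplete fragment set")
    return bytes(buf)


def make_fragments(payload, frag_payload=1480):
    """Split a payload as a 1500-byte MTU link would (constructed test input only).
    Non-final fragments must be a multiple of 8 bytes so offsets stay exact."""
    assert frag_payload % 8 == 0
    frags = []
    for start in range(0, len(payload), frag_payload):
        chunk = payload[start:start + frag_payload]
        frags.append((start // 8, start + len(chunk) < len(payload), chunk))
    return frags


def accepts(payload):
    """True if a fragment set carrying `payload` reassembles within limits."""
    try:
        return reassemble(make_fragments(payload)) == payload
    except OversizedDatagram:
        return False
```

A 65,515-byte IP payload (the largest that fits with a 20-byte header) is still accepted; one byte more is refused before any buffer is touched, which is the behaviour a fixed stack shows in place of the crash described above.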

Let us see, through a simple lab demonstration, how it might play out.

Here we have a Kali Linux machine on EVE-NG, directly connected to a router's interface.

Let's configure IPs on the router and Kali so that we can ping, and I will show you how a vulnerable device can be easily exhausted and crashed.

Just assign the IP on the Gi0/0 interface and save the configuration.



To check the effects of a Ping of Death attack, let us look at the CPU usage and the incoming ICMP packets.

CPU utilization is at 7%.

Enable ICMP packet debugging.

Now go into Kali Linux, log in to the device, and go to Settings > Advanced Network Configs.


Select the wired connection and click on the settings icon.


Go to IPv4 settings and choose the method to be manual.

Assign a usable IP within the subnet; there is no need to give a gateway IP, as we are connected to the router directly.

Save the configs.


Check the configured IP on the Kali terminal.

Use the "ifconfig" command.


Run a simple ping on Kali and see the output on the router side.




Connectivity is fine, we can ping.

We can see that the debug results are there as well.


You can see the CPU utilization just went up to 12% while processing ICMP packets. Pretty normal stuff.


Now, to initiate a basic DoS attack from Kali Linux, we use hping3 (host ping) in flood mode.


You need admin rights (root user): use the command "sudo su" and enter the password.


I ran the attack for 1 minute, just to see the effect on CPU usage; 1439807 packets were transmitted.

If longer attacks are run you risk crashing the router, and the CLI goes down as well, so results are difficult to verify.


The CPU usage is more than 3x what it was before (7% on bootup).

Right now the router is just connected to Kali and is not forwarding other traffic and not running any protocols.

So, as a default practice, any ICMP packet above 1024 bytes is dropped by firewalls.

We can verify that by pinging Google.


So this is a basic demonstration of how a vulnerable system can be compromised if not protected.

If you have any information and interesting perspectives to share on Ping of Death/DOS Attacks, do write in the comments or reach out to me on LinkedIn.

Thanks for the read.
