DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  Ping


SYSTEMS AFFECTED

  Win NT 3.51, 4.0

  Ping Of Death


PROBLEM


    Large packet pings (PING -l 65527 -s 1 hostname) otherwise known
    as 'Ping of Death' can cause a blue screen of death on 3.51
    systems:



        STOP: 0X0000001E

        KMODE_EXCEPTION_NOT_HANDLED - TCPIP.SYS



    or



        STOP: 0x0000000A

        IRQL_NOT_LESS_OR_EQUAL - TCPIP.SYS

    NT 4.0 is vulnerable when sending large packets, but does not crash
    on receiving large packets.

    Some versions of all Windows based operating systems are vulnerable
    to larger than normal ICMP packets. If someone were to issue the
    ping command, specifying a large packet size of 64k, then the TCP/IP
    stack will cease to function correctly. This effectively takes the
    system offline until rebooted -- and thus successfully achieves a
    denial of service attack.

    The following command can be used to test for the problem:

        ping -l 65524 host.domain.com


EXPLOIT


SOLUTION

    Stopping the Ping of Death is not so hard: just install the latest
    Service Packs or updates, depending on what Windows operating system
    you're running.

    Windows NT 4.0
        ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/

    Windows NT 3.51
        ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt351/

    Windows 95
        http://www.microsoft.com/windows/common/contentW95UGA.htm
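
A check that a packet filter or IP stack can apply to the condition described under PROBLEM, as an added example (not code from this advisory or from the vendor fixes): a 65527-byte ping payload plus the 8-byte ICMP header and 20-byte IP header comes to 65555 bytes, past the 65535-byte IPv4 limit, so it arrives as fragments whose last piece runs over that limit. The function names, the sample headers and the 1500-byte MTU behind them are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MAX_DATAGRAM 65535u /* Total Length is a 16-bit field */

enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERSIZE };

/* Inspect the IPv4 header at pkt (len = captured bytes; the header alone is
 * enough) and report whether placing this fragment at its offset would make
 * the reassembled datagram longer than 65535 bytes. */
enum frag_verdict check_ipv4_fragment(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;

    uint32_t ihl    = (uint32_t)(pkt[0] & 0x0F) * 4;       /* header bytes */
    uint32_t total  = ((uint32_t)pkt[2] << 8) | pkt[3];    /* this packet  */
    uint32_t offset = ((((uint32_t)pkt[6] << 8) | pkt[7]) & 0x1FFF) * 8;

    if (ihl < 20 || len < ihl || total < ihl)
        return FRAG_MALFORMED;

    /* header + offset of this fragment's data + this fragment's data */
    uint32_t reassembled = ihl + offset + (total - ihl);
    return reassembled > IPV4_MAX_DATAGRAM ? FRAG_OVERSIZE : FRAG_OK;
}

/* Constructed sample input: a 20-byte IPv4/ICMP header with the given total
 * length, fragment offset in bytes, and More Fragments flag. */
void sample_header(uint8_t h[20], uint16_t total, uint16_t off_bytes, int mf)
{
    memset(h, 0, 20);
    h[0] = 0x45;                       /* version 4, IHL 5 */
    h[2] = (uint8_t)(total >> 8);  h[3] = (uint8_t)total;
    uint16_t f = (uint16_t)((off_bytes / 8) | (mf ? 0x2000 : 0));
    h[6] = (uint8_t)(f >> 8);      h[7] = (uint8_t)f;
    h[8] = 64;  h[9] = 1;              /* TTL, protocol = ICMP */
}

int main(void)
{
    uint8_t h[20];
    sample_header(h, 435, 65120, 0);   /* last fragment, 65527-byte ping */
    printf("65527-byte ping: %d\n", check_ipv4_fragment(h, sizeof h));
    sample_header(h, 415, 65120, 0);   /* last fragment, 65507-byte ping */
    printf("65507-byte ping: %d\n", check_ipv4_fragment(h, sizeof h));
    return 0;
}
```

The 65507-byte case is the largest ping payload that still fits in one IPv4 datagram, so it passes while the 65527-byte case is flagged.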