[3612] in WWW Security List Archive
"ping o' death"
daemon@ATHENA.MIT.EDU (Robert P Cunningham)
Fri Nov 22 18:52:44 1996
Date: Fri, 22 Nov 96 11:39 WET
From: bob@lava.net (Robert P Cunningham)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
There hasn't been a CERT/CIAC bulletin on it yet, but the media have
started to pick up the story.
If true, Web servers could be popular targets.
It's a new this new denial-of-service attack (based upon an IP-level
packet reassembly bug in a variety of different operating systems)
which is apparently capable of crashing or at least rebooting many
different types of machines.
...which can be launched simply from many Windows 95 and Windows NT machines.
Stories:
PC-Week, http://www.pcweek.com/news/1111/12mping.html
MacInTouch, http://www.macintouch.com/pod.html
EDUCOM, http://www.educom.edu/edupage.new
The UK Web site which has the details appears to be becoming overloaded
fairly rapidly. For the full story, it's probably best to use
one of its mirrors. Some English languages ones are:
http://www.lymehouse.com/pod.html US mirror
http://www.accesscom.com/~tdj/ping/ US mirror
http://www.cage.curtin.edu.au/security/ping/ Australia
One in Spanish is:
http://www.netculture.net/~redsecurity/bugs/ping/pingsp.html
