How to send the great deadly ping of doom.



botmaster
04-12-2008, 12:51 AM
First things first

First of all, I need you to understand some basic networking concepts for this. You don't know that, you're screwed, 'caus none of the below will make any sense whatsoever. Fortunately, the great awesome hardworking botmaster has made a tut about this, which can be found here (http://www.villavu.com/forum/showthread.php?t=9561). Gee... I'm too nice to you guys :D

F.A.Q:

What in the world is the ping of death???

Something very very very evil, which could potentially cause your co-workers or mates from school some serious health issues; namely heart attacks and migraine over lost work and spooky crashes of their unpatched, lame wind0w$ computers. Most intelligent, Botmaster-reading persons connected to the internet can induce this crash at will by sending out a simple "ping" to the enemy/target/terrorist, whatever you'd like to call it.

Can I REALLY crash everyone's box with this???

Yup... most people's, unless they're patched or use a 'tux based system. However, most administrators and uninformed users don't know what the word "patch" means, so you're usually lucky. It should work about 90% of the time, unless the person at the receiving end has a firewall - in that case, more *cough* illegal *cough* methods are needed.


U EVIL CRACKER!!! DONT GIVE ALL DEM SKIDD13S l337 d4nger0us h4x!

I trust most people to be intelligent enough not to misuse this info. Seriously kids: Don't. This is for purely educational purposes. And as for safety: I won't actually post code on how to construct the P.O.D. You'll have to do that yourself. I will, however, explain how it works and how to create a P.O.D.

ICMP explained

If you're an avid gamer, you've probably heard of "pings" before. For non-gamers: A "ping" is a test packet sent by a computer on a network to another, mostly for diagnostic purposes and debugging. You can find out all sorts of information via a ping: how long it takes you to reach another computer, how good the connection is, whether the host is up or down, etc. If you're keen on trying it out, open a shell or a command prompt and type in


ping google.com

You should now receive a list of packets that were received.

The protocol used for pinging is called ICMP. It can also be used for tracert'ing and triangulating hosts, but that's a different tut.

Okay.... so how do I create Ping of Death?

The standard ICMP "ping" packet is 64 bytes large. Now, what would happen if someone mischievous sent a longer packet? It might... cause a crash! Basically, the POD is just a huge ICMP packet which causes a buffer overflow in window$ systems. This happens once the ping's size reaches over 65,535 bytes.

(Un)fortunately, most ping programs have protection against this. Not sure about wind0ws (haven't tried it), but my version of the GNU coreutils won't allow me to send a packet that large. So... time to get out those rusty programming skills and hack away. If you're good with C++ or Java, you can create a simple applet/application that sends a ping over the size limit. Wikipedia's ICMP documentation (http://en.wikipedia.org/wiki/Ping#ICMP_packet) is your best friend in this case.

Why in the world does this work???
Hmm... Good question. Maybe you should ask the guys over at Redmond, who have a lot to answer for. But the direct fault is with the buffer size of TCP's receiving end, which is exactly 65,535 bytes long. Anything over that and a seg fault occurs - there won't be enough allocated memory left for the program to reassemble the packet. In w1ndows, out of memory = crash. Typical micro$oft strategy. Really... you should have a firewall if you're so daring as to use their products.

And... where can I find a program that does this for me without me having to do all the work of programming an entire protocol structure?

:google: Keyword: Teardrop. Just remember: If you accidentally install malware, I'm not at fault. Capisce? Good. Most online versions are contaminated. Don't be lazy, do some work. The community will thank you (or hate you for the rest of your life depending on if they got POD'd or not).

Please be reasonable and respect other technology users. POD'ing is not cool, and it doesn't make you a super-l33t famous sexy *insert positive term here* hacker, like me :p ; it merely shows that you have no intellect and too much spare time.

Last words (of a man dying of sleep)

Have fun (h) . I wrote this at 2:42 in the morning, so if anything is wrong, just spam my PM Inbox and I'll see towards correcting it tomorrow *yawns*.

Oh, and btw... Just because I'm making a post doesn't mean that I'm finally coming out of hiding. I'm still inactive, and was just curious where SRL is going. Seems like everything here is as always :D.
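
Added example, not part of the original thread and not any vendor's actual patch: the receiving-side bounds check that defeats the oversized-packet condition described in the post above. An IPv4 fragment carries its offset in a 13-bit field counted in 8-byte units, so offset plus length can point past the 65,535 bytes a 16-bit Total Length allows; a reassembler or IDS rejects any fragment whose data would end beyond that. The names check_ipv4_fragment and verdict_for are hypothetical and the headers are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u /* ceiling of the 16-bit Total Length field */

enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERSIZE };

/* Decide whether one received IPv4 header describes data that would end
 * beyond 65,535 bytes once the datagram is reassembled. */
enum frag_verdict check_ipv4_fragment(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t ihl = (uint32_t)(pkt[0] & 0x0F) * 4;          /* header bytes */
    uint32_t total_len = ((uint32_t)pkt[2] << 8) | pkt[3]; /* this fragment */
    if (ihl < 20 || ihl > caplen || total_len < ihl)
        return FRAG_MALFORMED;
    /* Low 13 bits of bytes 6-7: fragment offset in 8-byte units. */
    uint32_t offset = ((((uint32_t)pkt[6] << 8) | pkt[7]) & 0x1FFF) * 8;
    uint32_t payload = total_len - ihl;
    /* 32-bit arithmetic: the maximum is 65528 + 65535, so no wraparound. */
    if (ihl + offset + payload > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Hypothetical helper: builds a constructed 20-byte header and checks it. */
enum frag_verdict verdict_for(uint16_t total_len, uint16_t offset_units)
{
    uint8_t h[20] = {0};
    h[0] = 0x45;                                 /* IPv4, IHL = 5 words */
    h[2] = (uint8_t)(total_len >> 8);
    h[3] = (uint8_t)(total_len & 0xFF);
    h[6] = (uint8_t)((offset_units >> 8) & 0x1F);
    h[7] = (uint8_t)(offset_units & 0xFF);
    h[9] = 1;                                    /* protocol 1 = ICMP */
    return check_ipv4_fragment(h, sizeof h);
}

int main(void)
{
    printf("ordinary echo request:           %d\n", verdict_for(84, 0));
    printf("last fragment ending at 65535:   %d\n", verdict_for(23, 8189));
    printf("last fragment ending past 65535: %d\n", verdict_for(1500, 8191));
    return 0;
}
```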

hamuthecow_ALIVE
04-12-2008, 01:35 AM
That's nice, I'll use the wiki to bombard my school w/ packets, this is actually a really nice way to crash a server, instead of w/ malware etc....
I'll make sure to do this to my home server, it's a real server (WHOLE PACKAGE), and give u feedback.

bullzeye95
04-12-2008, 05:43 AM
Very nice tutorial! Learned something :)


That's nice, I'll use the wiki to bombard my school w/ packets, this is actually a really nice way to crash a server, instead of w/ malware etc....
I'll make sure to do this to my home server, it's a real server (WHOLE PACKAGE), and give u feedback.

Remember: script kiddies r bad

chitin
04-15-2008, 04:37 PM
I kinda did a tut like this, and neilsie closed it cuz it counts as dos/ddos...however many you target...but hey for us who know how...neat..

palmpilot71
04-16-2008, 03:26 AM
Not to be a nUb but can U target certain IP's with this??? Or only websites (like SRL no jkjkjkjk)?

botmaster
04-16-2008, 11:19 AM
You can target any system that is unpatched and allows ICMP requests. That includes websites, computers, etc. But most webservers have patches against this.

I used to use this as an emergency shutdown procedure for one of my webservers which was out of my physical reach - to be exact, 1000 mi overseas. Since the system was unpatched, when I was sure my system was compromised by malware (and the sendmail log was filled with spam messages), I shut it down remotely using the ping of death. It's rather crude, but better than calling an admin on site who needs 24 hours to power down the system without affecting the rest of the server farm.

ape
04-16-2008, 03:03 PM
This only works on servers that are somewhat ancient I believe. It's actually hard to find a server that is unpatched. These ping requests are blocked extremely easily by firewalls as this is not the first time this has happened....
http://en.wikipedia.org/wiki/Ping_of_death

dakisback
04-23-2008, 07:59 PM
Isn't Ip flooding illegal? I always believed it was.

rkroxpunk
04-23-2008, 11:45 PM
If you don't own the server then yes. ^^

I never really thought about pinging being TCP but now I think about it that makes sense >.<

flaminhaz
05-17-2009, 10:48 PM
Nearly everyone has a firewall so the 'great ping of death' method will not work unless you have a few thousand computers doing it at once. I would advise you research DDoS'ing and DoS'ing

Dynamite
05-17-2009, 10:52 PM
Gravedig of over a year. Mod close please

T~M

Dervish
05-19-2009, 12:11 AM
Gravedig of over a year. Mod close please

T~M

Gravedigging does not affect tuts :).

footballjds
05-19-2009, 12:57 AM
Gravedigging does not affect tuts :).

pownt!

Markus
05-19-2009, 02:07 AM
Wow, pings of death are really really really really old, I heard about them in 1998 already O.o
Btw Wikipedia: However, most systems since 1997-1998 have been fixed, so this bug is mostly historical.