Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Security Best Practice: Protect Yourself from Ping of Death Attacks

Subscribe

Check Point Reference: SBP-2008-18
Date Published:
Severity:
Last Updated:
Source: IPS Research Center
Industry Reference(s): CVE-1999-0128
Protection Provided by: Security Gateway
  • R70
VPN-1
  • NGX R65
VSX
  • NGX R65
Who is Vulnerable?
Computers and Networks
Vulnerability Description
A Ping of Death (POD) is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 56 bytes in size (or 84 bytes when IP header is considered); historically, many computer systems could not handle a ping packet larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size could crash the target computer.
Vulnerability Details
Generally, sending a 65,536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash. The attacker sends a fragmented ping request that exceeds the maximum IP packet size (64KB).

Protection Overview
This protection detects and blocks overly long ping requests.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Network Security > Denial of Service.
2. In the right pane, double-click the Ping of Death protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ping of Death
Attack Information:
ICMP Ping of Death attack identified
Virtual defragmentation error: Large Packet

VPN-1 NGX R65 & VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Network Security > Denial of Service.
2. Select the following protection:

Ping of Death

3. In the configuration pane, under Settings > Mode, check Active. Apply additional settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ping of Death
Attack Information:
ICMP Ping of Death attack identified
Virtual defragmentation error: Large Packet