Wednesday, August 10, 2011

Microsoft finally patches "ping of death"

Well that took about 20 years.

I remember actually using the "ping of death" for legitamite business purposes.

At teh time, I was a Research Assitant in my last semester at UofL at one of my responsibilities was standing up a new Sun workstation. The static IP that UofL IT had assigned me to use was working because some other box on the network was coming up on the same IP... which is a big no-no. Since I was the "rightful owner" of the address, we used Nmap to port scan the box and used it's fingerprinting technology to determine that the other machine was, in fact, a windows 95/98 PC. Then a friend of mine helped me send a "ping of death" to the machine which knocked it off of the school network so I could then bring my workstation online.

We later found the Windows machine with the "blue screen of death" (it happened to be in the very same room as my workstation) and then fixed it to come up on a different IP (probably using DHCP).

Amplify’d from
"Microsoft on Tuesday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed 'Ping of Death.' While other patched vulnerabilities we more serious, one marked 'CVE-2011-1871' brought back memories for nCircle's Andrew Storms. 'This looks like the Ping of Death from the early-to-mid 1990s,' he said. 'Then, when a specially-crafted ping request was sent to a host, it caused the Windows PC to blue screen, and then reboot.' Two decades ago, the Ping of Death (YouTube video demonstration) was used to bring down Windows PCs remotely, often as a way to show the instability of the operating system."

No comments:

Post a Comment