Ping of death is an attack caused by an attacker, by sending IP packets which are larger in size than the IP protocol can handle. Normally a ping is 56 bytes in size or 84 bytes if the headers of the Internet Protocol are considered. Many computer in those days simply couldn’t handle a packet which was bigger in size than 65,535 bytes, which is the maximum packet size of IPv4.

One of the features of the TCP/IP model was to send a single packet into multiple small packets, this feature is called as fragmentation. In the year 1996, the attacker found the fragmented packets sent to the destination computer could add up more than 65,535 bytes, which caused buffer overflow. The attacker which wants to send over sized packets, only requires the IP address of the destination computer.

Ping of Death

Normally sending a packet of size higher than 65,535 bytes would violate the Internet layer protocols, but a packet of this size needs to be fragmented. And when the destination computer re-assembles the fragmented packets into a single packet, buffer overflow can occur.

Since the operating system wasn’t programmed to handle this kind of situations, it would crash, re-boot or even freeze when the packet size exceeded the IPv4 maximum, when re-assembled.

In the late 1976, operating system vendors started releasing patches to avoid these kind of situation.