COMMAND

    Ping of Death

SYSTEMS AFFECTED

    Win NT 3.51, 4.0

PROBLEM

    Large packet pings (PING -l  65527 -s 1 hostname) otherwise  known
    as  'Ping  of  Death'  can  cause  a  blue screen of death on 3.51
    systems:

        STOP: 0X0000001E
        KMODE_EXCEPTION_NOT_HANDLED - TCPIP.SYS

    or

        STOP: 0x0000000A
        IRQL_NOT_LESS_OR_EQUAL - TCPIP.SYS

    NT 4.0 is vunerable sending  large packets, but does not  crash on
    receiving large packets.

    Some  versions  of  all   Windows  based  operating  systems   are
    vulnerable to larger than normal ICMP packets. If someone were  to
    issue the  ping command,  specifying a  large packet  size of 64k,
    then  the  TCP/IP  stack  will  cease  to function correctly. This
    effectively takes the system  offline until rebooted --  and thus,
    successfully achieves  a denial  of service  attack. The following
    command can be used to test for the problem:

        ping -l 65524 host.domain.com

SOLUTION

    Stopping the Ping of Death is not so hard, just install the latest
    Service  Packs  or  updates,  depending  on what Windows operating
    system you're running.

        Windows NT 4.0
        ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/

        Windows NT 3.51
        ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt351/

        Windows 95
        http://www.microsoft.com/windows/common/contentW95UGA.htm