In Security Last updated:
Share on:
Cloudways offers managed cloud hosting for any size business to host a website or complex web applications.

With every technological advancement comes an increase in cyber security attackers and threats. In this article, we will discuss one of the types of DDoS attacks that attackers can use to disrupt service within a system: Ping of Death and ways to safeguard yourself against it.

What is Ping of Death

PING of Death is a denial of service (DoS) attack where attackers send large packets of data to a service beyond the required packet requirement, with the sole aim of crippling or making that particular service inaccessible to other users. RFC 791 specifies that the standard IP Packet required is 65,535 bytes.

Any amount of bytes above this could cause the system to freeze or crash when processing the request. 

How does Ping of Death work?

Credit: Wallarm

Ping of death is caused by an oversized internet control message protocol (ICMP) packet being sent across a network.

A ping (Packet Internet or Inter-Network Groper) or ICMP echo-reply tests a particular network connection to validate if the network exists and can accept the request. This test is carried out by sending a ping, a piece of data, and expecting a response in return. 

Based on the response, the status of the service is verified. 

Attackers carry out the Ping of death DDoS attack by sending large packets, violating the RFC791 Internet protocol requiring a valid IPv4 packet of 65,535 bytes.

Attack cannot send packets larger than this size. Hence, they send packets in fragment, which, when the system assemble the packet, result in an oversized packet, causing the system to freeze, hence the name ping of death.

Also Read: Different Types of DDoS Attacks and How to Prevent Them

Ping of Death Attack: Examples

#1. DNC campaign hit

In 2018, the Democratic National Committee was hit with a DDoS attack. These attacks were carried out when the DNC and DCCC were either fundraising or had a candidate increase in popularity. DDoS attacks such as the ping of death are carried out to ensure disruption and can be used as a weapon in rivalry situations by competitors.

#2. Australian census attack

Australian Bureau of Statistics ABS 2016 suffered a DDoS attack, where citizens could not access the bureau’s website to participate in the census. The attackers’ PoD attack was targeted at congesting the network to block Australians from participating in the census.

#3. Whitehouse mistaken identity PoD attack

In 2001, a white house parody site,, was a victim of the Ping of Death attack. The attacker’s target was the website, but they mistook it for – a weak parody website.

Brook Talley, who discovered the attack, mentioned that for 13 hours, the website had received a large flood of ICMP echo requests. It was discovered that the aim of the attackers was to attack and cause a denial of service DoS on the site.

Also Read: What are Wi-Fi Pineapple Attacks, and How to Prevent Them

Best Practices to Stay Safe from a Ping of Death Attack

Attackers leverage vulnerabilities and loopholes within systems to gain access. Every system and service must ensure their systems are adequately safeguarded to maintain security and system flaws that could be leveraged. Below are some best practices that can help keep your system safe.

Keep your systems updated

Ensuring your system has the latest patch and update is the best practice. Updates and patches to the system are constantly being developed to ensure that all security issues are being fixed, and knowing that attackers leverage these security issues, keeping your system updated will help block this vulnerability. 

Filter packet

The Ping of death attack leverages the transferring of packets. Each packet contains the header, which houses the source IP address, destination IP address, protocol, and port, while the data payload includes the data to be transmitted.

Adding a packet-filtering firewall help to filter packet being sent to the server from a client and ensure only packet that meets the required rule is being fulfilled. However, the downside is that the system could block legitimate requests.

Network segmentation

One of the goals of DDoS attacks is to freeze the services from using legitimate requests. Segmenting your network is also a best practice, as it helps mitigate against an outright shortage of your service. Isolating critical services and data into various locations will make other resources available to be used as a fallback in the occurrence of an attack.

Monitor traffic

Continuous monitoring of network traffic and logs can be an early detection against many DDoS attacks, including ping of death. This helps you understand your system’s regular traffic from abnormal traffic and plan preventive measures to detect anomalous traffic flow.

Also Read: Cyber Attack Simulation Tools to Improve Security

Use DDoS solutions

Several companies are developing a solution to help mitigate or provide an early detection of these attacks. Integrating this service within your system can add a layer of protection to your system. Below are some of these solutions that could be leveraged.

#1. Cloudflare

Cloudflare is one of the leading solutions against DDoS attacks. It provides your system with a three-layer protection against attack in layers seven, the application layer (L4), and the network (L3).

Cloudflare offers Firewwall-as-a-service that helps set up rules and policies to mitigate against unwanted packet access. With the inbuilt monitoring system, Cloudflare continuously monitors network activities against any form of DDoS attack. 

#2. Imperva

Imperva solution against DDoS attacks like PoD ships with instant notification against malicious activities, accessible and continuous monitoring of network traffic, and easy integration to SEIM tools. Impreva offers protection to the website, network, and individual IP protection.

Impreva can cut off malicious traffic through a system that runs all incoming traffic through Imperva scrubbing centers, ensuring that only legitimate requests are processed. 

What is the difference between Ping of Death (PoD) and Smurf or SYN Flood Attack? 

SYN Flood attack is a DDoS attack targeting the TCP handshaking process, unlike PoD, which targets ICMP. This attack involves the attacker sending a large number of TCP SYN (synchronization) packets with spoofed source IP addresses.

The system processes the response, allocates resources, and waits for the ACK (acknowledgment) from the client, which never gets sent. It consumes the system resource and blocks access to new requests from being processed.

Smurf attack, on the other hand, is also a DDoS attack that leverages on ICMP and IP broadcast address, in which many ICMP packets are broadcasted to a network with the victim’s IP address as the origin, making the network freeze.

Also Read: Zero-Day Vulnerability, Exploitation, and Attack Explained

Step to Take After in the Occurrence of a PoD Attack

In the event of a successful PoD attack, you must begin to work immediately to restore your system to its functional state. The longer your system/service is down, the more damage the PoD attack does to your system’s reputation. Below are some points to have in mind in the condition that this occurs.

Separate system

It is crucial to be able to isolate different parts of your system. The goal of every attack is to gain access to a single vulnerability that will give access to the entire system. If this is not checked and done on time, and the attack can last longer with the system, more damage can be done.

Locate source

Monitoring is vital to identifying abnormalities within a system. In the event of an attack, the source of the attack must be identified as fast as possible to ensure that the source is cut off from processing further damage because the longer the source remains, the larger the damage done.

Run system update

After an attack, it is crucial to check for any system updates and patches that have not been made since PoD primarily leverages vulnerabilities; these patches and updates are usually done to fix those bugs.

Plan and Monitor for a future attack

Planning for the occurrence of an attack helps an organization have a list of activities that are required to be done in the event of an incident. This helps mitigate the burden of not knowing what to do when an incident occurs. Continuous monitoring is critical to early detection of these attacks.

Report incident

Reporting any attack is essential to ensure that the authorities are aware of the issue and help find and track down the attackers. 

Final thoughts

Security is an essential part and one of the keys to success as more services move to the cloud. Organizations offering services and solutions should ensure that they put in all measures on their part to avoid a leak for an attacker within their system. 

Next, you may also explore top cloud-based DDoS protection for small to enterprise websites.

Share on:
  • Aminu Abdullahi
    Aminu Abdullahi is an experienced B2B technology and finance writer and award-winning public speaker. He is the co-author of the e-book, The Ultimate Creativity Playbook, and has written for various publications, including Geekflare,…
  • Narendra Mohan Mittal

    Narendra Mohan Mittal is a versatile and experienced digital branding strategist and content editor with over 12 years of experience. He is a Gold Medalist in M-Tech and B-Tech in Computer Science & Engineering.


Thanks to our Sponsors

More great readings on Security

Power Your Business

Some of the tools and services to help your business grow.
  • The text-to-speech tool that uses AI to generate realistic human-like voices.

    Try Murf AI
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.

    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.

    Try Intruder