Feeds

back to article Microsoft Patch Tuesday: The '90s called. It wants its 'Ping of Death' back

Microsoft has pushed out eight advisories as part of the August edition of its regular Patch Tuesday update cycle. With just three critical patches, the most interesting thing about this week's batch is the return of the "Ping of Death" in the form of a stability bug in the Windows IPv6 stack. The critical updates offer new …

COMMENTS

This topic is closed for new posts.
Silver badge

Brings back memories ...

A cheeky colleague at a previous employer had an automated ping of death that he'd use when bored. This was around the time of the "Back Orifice" application, which he'd also use as a practical joke, momentarily taking over random desktops in order to type naughty URLs into open browser windows. Thankfully I ran Linux, and was immune to his mucking about.

8
0
Anonymous Coward

Re: Brings back memories ...

Linux was also vulnerable to the Ping of Death....

3
2

Re: Brings back memories ...

Yeah, but only briefly. I ran the website on the Ping Of Death (after reading about it on bugtraq and realising it was going to need one). It was an "educational" week or two. During testing I dropped a machine in California from London with a single packet...

From memory the Linux kernel team had a patch within about eight hours of it going public., although there was a router macnufacturer who had one out within four, so they got the kudos.

6
0
WTF?

What does it all mean?

"Up until then the soon-to-be-pensioned-off OS needs security updating like Gwyneth Paltrow needs ice cream. "

I know what a Gwyneth Paltrow is and I know what ice-cream is. What I don't understand is the relationship implied by the author.

4
0
Anonymous Coward

Re: What does it all mean?

I'm guessing it's the name of one of her children

3
0
Bronze badge
WTF?

Re: What does it all mean?

Add me to the list of those that need enlightened....

Google turns up a Gwyneth Paltrow recipe for ice cream but that doesn't seem to fit the context.

I can imagine Gwyneth Paltrow could be the name of a new shade of dull grey, but again, it doesn't seem to fit here.

0
0
Anonymous Coward

Gwyneth Paltrow ...

didn't she use breast milk to make ice cream ?

0
0
Anonymous Coward

Re: What does it all mean?

is it because she is, a bit skinny, and could do with a few ice creams?

0
0
Bronze badge
FAIL

Microsoft FAIL

The article's title says it all, really. How any serious OS developer could still be building an IP stack so wobbly that it is vulnerable to a "ping of death" in the 21st century is quite alarming. It seems that the only time Windows ever had a stable IP stack was back in the days when they were simply running a pirated copy of the BSD stack.

The entire operating system needs to be retired. Not just the old version, but all Windows everywhere. It is a cancer upon computing and must be eradicated.

6
18
Bronze badge

Re: Microsoft FAIL

Go away, Eadon.

12
3

Re: Microsoft FAIL

Ironically WIndows 95 (which was the fashion at the time) was never vulnerable to the Ping Of Death - it was mainly big iron. Don't recall the details on Windows NT, I think it was OK as well.

0
0
Anonymous Coward

Re: Microsoft FAIL

I suspect that Win NT 3.1 would have been vulnerable to it as it used the BSD IP stack, which was vulnerable. After NT 3.1 MS had their own IP stack which I don't believe was vulnerable.

0
1
Bronze badge
WTF?

Re: Microsoft FAIL

How can one run a pirated copy of code released under the BSD "do whatever you like with this code" licence?

6
1
Bronze badge

Regents ahoy!

Brian, there were four not-particularly-onerous terms that had to be followed to stay within the legal bounds of the BSD licence; disregarding any of the four could be interpreted as installing a parrot on one’s shoulder.

1
0
Holmes

Windows 95 was never vulnerable to Ping Of Death

"Invalid ICMP Datagram Fragments Hang Windows NT, Windows 95"

1
0

Say it isn't so!

Hahaha! OMG I missed using ping of death tool!

My main reason for using the ping of death tool was when playing the original quake game you could see other peoples ip address who were connected to the hosted game server.

I would play and make note of anyone who cheated then promptly run POD tool and would blue screen their pc thus forcing them to reboot. I hated it when they patched it back then.

4
0

Re: Say it isn't so!

I used to use such exploits to defend my IRC channel from those pesky Russian kids back in the day. "Ping of Death" didn't work for very long, much like OOB "nukes" (the winsock 2 update eliminated those) but there were still other packet fragmentation attacks like "Land" and "Bonk/Boink" and "Smurf" (if you knew what you were doing... as a last resort) that worked. I had a program that could generate those (and custom) attacks on a Windows machine by virtualizing its own TCP/IP stack (Windows lacked any raw socket functionality for spoofing packets) and hooking into your modem directly using the i/o port. (e.g. 02F8) It was funny that you could take down just about anyone with a few packets on a dialup connection.

I had a precoded attack for unpatched (Linux 2.0.something or earlier) Linux kernels too, called "Nestea" that was also similarly a fragmentation attack (kernel oops on trying to assemble offset packet fragments if I recall)

It's funny that Microsoft got something like that wrong again :-)

1
0

Ah, Winnuke

Greetz to Hound Dog!

0
0
Anonymous Coward

Downvotes

As an American may I say in general (bad implementations aside) fuck IPv6. Our country will be the very last to embrace it and I am fine with that. IPv6 is the definition of overengineered.

2
2
Anonymous Coward

Re: Downvotes

"Our country will be the very last to embrace it"

Where are you going to get all your new IP addresses from then ?

0
0

Re: Downvotes

I'm a merkin and using IPv6 just fine...

1
0

Our country will be the very last

It's an odd assertion anyway, given the amount of IPv6 activity in the US.

Also, "over-engineering" is a pretty vague slur. At this point in history, IPv4 is horribly over-engineered (just look at how load balancing works, for example).

0
0
FAIL

The instability of IPv6?

"A few ICMPv6 packets with router advertisements requests can cause a denial-of-service vulnerability reminiscent of the famous "Ping of Death". It’s a good illustration of how much we still do not know about the stability of IPv6. We continue to recommend turning off IPv6 on workstations if your network is not engineered for its use".

It's not a problem with the stability of IPv6 but with bugs in the Windows IPv6 stack ...

"A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop responding until restarted. The vulnerability is caused when the TCP/IP stack does not properly allocate memory for incoming ICMPv6 packets."

1
0

IE11

I see 2862772 also affects IE11.

0
0
Anonymous Coward

No Adobe Flash update?

Adobe has been synchronized their Flash updates with Patch Tuesday since March. Did nobody find any new holes in July that needed patching?

0
0
This topic is closed for new posts.