Forgot your password?
typodupeerror
Bug Microsoft Windows Technology

Microsoft Patches 1990s-Era 'Ping of Death' 128

Posted by Soulskill
from the better-late-than-never dept.
CWmike writes "Microsoft on Tuesday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed 'Ping of Death.' While other patched vulnerabilities we more serious, one marked 'CVE-2011-1871' brought back memories for nCircle's Andrew Storms. 'This looks like the Ping of Death from the early-to-mid 1990s,' he said. 'Then, when a specially-crafted ping request was sent to a host, it caused the Windows PC to blue screen, and then reboot.' Two decades ago, the Ping of Death (YouTube video demonstration) was used to bring down Windows PCs remotely, often as a way to show the instability of the operating system."
This discussion has been archived. No new comments can be posted.

Microsoft Patches 1990s-Era 'Ping of Death'

Comments Filter:
  • umm (Score:1, Informative)

    by newton62 (56617)

    better late then never!

  • by atlasdropperofworlds (888683) on Wednesday August 10, 2011 @12:32AM (#37040562)

    Just FYI, the POD doesn't affect any modern OSes. It used to bring down Windows NT (and earlier), early linux kernels, as well as Mac OS 7 back in the day.

    • by Anonymous Coward

      When I was in college I once witnessed it put to good use. I was over in a friend's dorm room. It was 2 am and the asshole above him was playing Quake with the volume at 11. It was a well known secret at the time that the network admins kept a "hidden", but world-readable list on the unix server of every IP address in the school, including who it belonged to, what room, and what wall port. So my friend grepped the list for the room number above him, guessed which wall port, and then POD nuked the IP address

    • by Anonymous Coward

      From TFA:
      Storms said it appeared that today's "Ping of Death" bug was a different vulnerability than Microsoft patched in its now-ancient OSes of the 1990s.

      "it appeared"?
      The bug affects the QoS service on Vista and newer OSes - a service which wasn't available in 1990 on windows.
      XP and machines without URL-based QoS enabled are unaffected.

      Also from TFAdvisory: [microsoft.com]
      By default, the URL-based Quality of Service feature is not enabled on any Windows operating system.

      In other words: no big deal.
      And it's a "ping of de

  • The ping of death didnt cause your computer to blue screen, it caused it to become a picture frame. Everything, including the mouse pointer, would just stop.
    • by sg_oneill (159032)

      Depends which windows. At least one of the NTs definately would bluescreen.

      I actually had this on a function key on my mIRC client, so that if someone was trolling the IRC channel, I'd highlight their name, hit F10 (or something) and it'd kick them, ban them, then win-nuke them. More malicious types would just drop a bot into a channel and nuke everyone in there. God damn the dial-up days where wild sometimes.

      • Ah, by the time I started using NT the ping had already been fixed, Windows 95(98?) would picture frame though.
      • Re:Didnt bluescreen (Score:4, Interesting)

        by devphaeton (695736) on Wednesday August 10, 2011 @01:57AM (#37040882)

        God damn the dial-up days where wild sometimes.

        Fugganaye right. I shouldn't admit any of this, but I was into scrolling chat rooms* back in the mid-late 90s and it was the fucking Wild West. Winnukes and Portfloods for days and days. Javascript exploits and whatnot. People getting pWn3d for no good reason. You had to be patched and armed just to stay in the joint.

        There was a guy that flexed his hax0r muscle at everyone, but especially gave me shit. Seriously unprovoked bullshit, following me from room to room, then later site to site. I could write a book on this, but basically through some elaborate social engineering of several people (including his school) I was able to determine his home address. I bribed a high school friend of mine who was going to a school in the next city over to go take a picture "of the white house at this address" and send it to me. Some low-tech scanning practices and some floppy disk work at a local Staples ensued.

        The next time he fucked with me I posted the pic of his house in the chat room. I wish I had logged his responses, and the crying he did to my alt (the social engineering 'chick') over the next few days. He never messed with me or anyone else in the place again. It was a pretty good hack, and I dreamed guys like Kevin Poulsen would approve. But I actually felt pretty dirty afterwards.

        *hotelchat ftw!

        • Re:Didnt bluescreen (Score:4, Interesting)

          by Isaac-1 (233099) on Wednesday August 10, 2011 @03:23AM (#37041192)

          Yeah, the wild west days, I remember hanging around on IRC on #userfriendly where much of the crowd were of the IT types working in the .com boom which was very wild west itself. One night one of the regulars posted a message that she was on dial up and was being ping flooded by some guy with a cable modem, and asked someone ping flood the guy off the net so she could upload an important file before it was due in a few minutes. Well the moments afterward were one of those things where you look back and think, hey maybe too many people decided to unleash too much fire power at once. Sure there were those that were sitting on T1, T3, etc. lines at the time that reacted to the call within seconds, but there were also a few BIG GUNS aimed at this lowly cable modem user's IP within seconds. Think core routers from big name national ISP's, and .COM giants. When the smoke cleared a minute or two later everyone realized not only was the cable modem user in question off the net, but so was his cable provider.

          • Wow!
            What a revelation for me.
            I say this as a former n00b-troll.

            I will say that this 'lesson gave to me' in my ms- spent[sic] [1]youth had a profound positive influence on my internet behavior, except when i 'drink while posting' here on /., sad to say.
            Again, wow.
            Thanks very much, BTW, really.

            [1] Some habits are hard to break. ;-)
            As my wife has said about me many times, "At least he's house-broke, but he's not domesticated. But, I've never shopped at 'Normal-Boys-R-Us'. Ever!"

          • by Shinobi (19308)

            I was there for that, "borrowing" my school's connection.

            And yes, I used this nick in the channel.

          • by Anonymous Coward

            Not only can you not ignore the collateral damage, people should also have asked themselves if the alleged flooder had actually done anything at all. People regularly ask for help with retaliating when they're actually just looking for someone else to carry out their (first-strike) attack for them. Attacks under the guise of "active defense" are a very old tactic - Poland certainly won't forget.

        • by Shinobi (19308)

          The thing is, most of those knew NOTHING about TCP/IP, so my standard reply when people asked for my IP addy was to reply with 127.0.0.1 (and yes, that worked for PoD vs Windows...)

          In school, we used it to knock the Quake players offline, so people could do their homework etc on the school computers.

        • by SierraQ (1773076)
          I have my own story to add to the Wild West. Back then I worked on managing windows based kiosks on a campus that provided information to visitors and also ran elections for the university student government. Elections were always a pain and every kiosk needed to be up and stable for days to take the votes.

          Well, some jokers tucked away behind some terminal deep in one of the buildings decided to have some fun and sent repeated PODs to each kiosk (which did cause a blue-screen, BTW) on election day. I
      • It took me an entire week of being 'nuked' several times a day to figure out Win95 was being less stable than usual.

      • I remember those days. I was running Linux, and hanging out in a few IRC channels. There was one evening where everyone except me and one other person kept dropping out, that then reappearing 5 to 10 minutes later. I finally figured out what was going on when he got pissed off and said in public $USERNAME why won't you die!!!
        His ISP used static hostnames, so I knocked together a script that scanned for him to be on line and ping flooded him. I had cable internet, (Early adopter) so if was easy to just flo
    • by dzfoo (772245)

      I had Win95 at the time, and it did bluescreen.

      Ah, the memories. I remember being naive, and searching frantically around the intertubes looking for a "how to" document explaining how to employ the "Ping Of Death" that I just recently read about.

      My search took me to IRC, where--true to n00b form--I proceeded to ask a very dumb question:


      DZ> Can someone show me how to do the ping of death?
      Someone> Like this...

      [blue screen]

      My girlfriend was right next to me and thought it was the funniest thing. I did

  • To be clear, this bug hasn't been in Windows since the 1990's (which is how I read the title). From TFA:

    The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003.

    • by Psychotria (953670) on Wednesday August 10, 2011 @02:18AM (#37040938)

      It would make more sense if you provided context for your quote

      Storms said it appeared that today's "Ping of Death" bug was a different vulnerability than Microsoft patched in its now-ancient OSes of the 1990s.

      The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003.

      • I don't know what "different vulnerability" means, so I'm not sure what that extra sentence adds. I have two interpretations: (1) a bug was introduced, patched, and all relevant code was rewritten in Vista, introducing the original error again; (2) two rather similar but somehow fundamentally different bugs were introduced, one in the 90's and one in the Vista rewrite. That's guesswork, though, and as far as I recall not backed up by the article.
    • I think Microsoft would do the United States a big service to remove ping from consumer versions of Windows altogether. People may want to ping another server to test their connection speed but no home user needs their own computer to respond to a ping.
      • by guruevi (827432) <evi@smoking c u be.be> on Wednesday August 10, 2011 @03:25AM (#37041204) Homepage

        That is stupid. Any IP host should respond to a ping. It's one way of testing if everything is working. Disabling ping just because your IP stack is buggy is security through obscurity. ICMP has to be implemented according to standard.

        • Would it kill you to have the Windows machine initiate the ping to a server instead of replying to it? Would it kill you to just transfer a file from one machine to another if you want to see if everything is working?

          Making a Windows machine ignore ping requests will not make it impossible to test a network connection, Mr. "+5 Insightful for calling somebody stupid". What it will do is make it slightly harder for unwanted attackers to know there is a computer there. Security through obscurity might not be t

          • by guruevi (827432)

            You're missing the point. ICMP has to be implemented in order for your IP stack to work. Whether you drop, reject or accept certain ICMP packets is irrelevant, if your IP connection wants to work, it has to process them. If there is a bug in how you process ICMP packets it won't matter whether or not you reply to them or not.

            And most recent tools don't rely on ping anymore as Windows Firewall does drop all ICMP packets. Even nmap has had the option of testing a host without ping for as far as I can remember

      • by Anonymous Coward

        You have obviously never worked with technical support for an ISP. Oh how I hate that almost no Windows-machines respond to ping, because all firewalls, including the one built into Windows disables ICMP by default. I love Mac:s and (the occasional) Linux machine you run into, because they do respond, making troubleshooting a whole lot easier.

        I think that every machine should respond to ping, it's just silly not to.

        • If you are working for an ISP in the United States then you don't need to ping anyway because all you're going to do is end up blaming the problem on the router, regardless of what the problem is.
  • by Velox_SwiftFox (57902) on Wednesday August 10, 2011 @02:44AM (#37041048)

    at 127.0.0.1 they'll find out it's armored beyond anything they can come up with

    • by laejoh (648921)
      It works even better if you provide 127.1.37.8 as your ip address! Some people start to recognize 127.0.0.1 :)
  • At first, I read that as Microsoft patents "Ping of Death". And it didn't surprise me.

  • I miss the olden times. I can't remember how many times I sent that to friends to fuck with them.
  • There used to be a Macintosh Application called WIN-NUKE, and we'd use it to crash NT-based web-servers. I think this was during the days of NT3.5, and Macs were still running System 7.1 or something like that.

    Anyhow, we were a Mac/Linux shop at the time, and during the dot-com boom, there was this dopey company called "muffinhead", we thought that was a dumb name, so we'd win-nuke them constantly.

    We'd ping them from the linux box, see a continuous stream of replies, run win-nuke, and then... the pings woul

    • by Kenshin (43036)

      I wonder if this is the same exploit used by the old Windows app "BitchSlap".

      I remember entering the IP address of someone who annoyed me into it, then seeing them disappear from IRC.

      Good times.

"Irrationality is the square root of all evil" -- Douglas Hofstadter

Working...