December 2, 1996 10:00 AM ET

Ping of Death fixes released
By Norvin Leach

  Complaints about vulnerability to Ping of Death attacks over the past month have prompted Microsoft Corp. and a handful of other vendors to release patches to their products.

The Ping of Death, discovered in early October, is a denial-of-service attack that crashes network servers or firmware by overloading them with illegally large ping packets.Over the past few weeks, Microsoft, Bay Networks Inc., Galacticomm Inc., Storage Technology Corp. and the Linux community have been among those issuing patches.

Microsoft developed and plans to post a new version of its ping.exe file that will not allow users to send illegally large ping packets. Bay issued patches for its routers. Galacticomm released patches for the TCP/IP kernel in Versions 1 and 2 of its Worldgroup BBS software. And the community of developers that supports and updates the Linux freeware operating system has also posted patches.

Storage Technology Corp.'s Network Systems Group released a Net Sentry security module that blocks packets with inappropriately large amounts of data.

Further information about the Ping of Death and available patches can be found at

Copyright(c) 1996 Ziff-Davis Publishing Company. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff-Davis Publishing Company is prohibited. PC Week and the PC Week logo are trademarks of Ziff-Davis Publishing Company. PC Week Online and the PC Week Online logo are trademarks of Ziff-Davis Publishing Company.

Send mail to PC Week