The Ping o' Death Page Diary
7th November till 24th December
1530GMT 18th December 1996
- Ho humm.. back to the bleak London winter. I now have two people listing problems with their Ascend P50 routers. 4.65Ci17 dies after the (roughly) 11th packet of 65510 bytes. To the best of my knowledge Ascend are *still* unable to reproduce this.
- The Synoptics (Bay Networks) 2813 repeater v5.1.1 appears safe.
- The latest upgrade to the Alantec powerhub 7000 (which bears the very complex version number v7-2.6.3.2 pl 9) seems to be no longer vulnerable to the Ping O' Death. Bruce McIntosh tells me that you can contact Fore Systems on 1-800-671-3673 (assuming you are in the US) with regard to downloading the latest code
- Earlier versions of UCX (than v4.0) for VMS are vulnerable too - this may not have been obvious from my pages. v3.3 definitely dies, but I have no information on any patches for versions other than 4.0 and 4.1.
- The Shiva Access switch (v4.5) ignores the Ping O' Death, unlike the Shiva Access Port, which dies.
- Hubs manufactured by the German company Hirschmann are resistant. I'm not sure exactly what they're called, so I'll just call them "Hirschmann Hubs", because it's kinda catchy.
- Tandem have released patches (or IPMs, in Tandem-speak) for their NSK. Patches are available for the D30 (IPM #T9551ACX) and D40 (IPM #T9551ACY) versions, but no patch is planned for the D20, as it is "at the end of its life". The message I got on this is reproduced in full on the page.
0000GMT 6th December 1996
- Well, I swore I'd never enter one of these places, but I'm sitting in a Net Cafe in Wellington when I should be at the beach. Dedication! On with the news. BTW, as I am paying by the hour for this connection, the credits are not being updated until I get back to the UK.
- 3Com have released patches for their Netbuilder II series. So now the WA v8.3.0.84 and the FF v9.1.0.24 are safe - upgrade time!
- The Lexmark Optra Laser printer is safe
- The Chase IOLAN Terminal server is safe
- The Ascend pipeline 25 is reported safe
- IBM's stylishly-named "Information Warfare Centre" have mailed me a good summary of the problem with the Ping O' Death and the SYN flood too. As well as having the information on patching AIX "straight from the horse's mouth", it's quite a good summary of the two problems in general. It's here, and may be of interest to non-AIX people too.
- The realtime unix-like OS QNX (v4.22) survived
1815 27th November 1996
- Hurrah! I'm on holiday now for three weeks in New Zealand. If you e-mail me at Mike.Bremford@bl.uk, it won't get through. Please send mail to mike@opac.bl.uk from now on, otherwise you will think I'm ignoring you. I'll still be keeping the page up to date, just not quite as often (every few days).
- DEC are unable to reproduce the problem with VAX/VMS. If anyone can, send me or Dave Flanders from DEC the crash dump. There is an outside chance this may be something to do with the fact that the box was running Pathworks v5.0. This is reproducible...
- There are temporary patches out for Solaris x86 2.5 and 2.5.1! The IDs are T103170-10 for 2.5 and T103631-05 for 2.5.1. Expect final patches soon. I have no idea what's happening with 2.4, but I expect it's coming.
1830 26th November 1996
- Just had a report that Vax/VMS can be crashed... The victim was a MicroVAX 3100-80 running OpenVMS v6.2 and UCX v4.0, and the "perp" was an alpha running NT4.0. Symptoms - the sender gave a "bad IP parameter", the VAX gave a beep, and then dumped memory and rebooted... DEC pretty much convinced me that VAX/VMS was safe, but I'm duty-bound to move this to the "just might be vulnerable" pigeonhole until I hear for sure either way. If anyone can reproduce this I would love to know (and so would DEC I imagine).
- 3Com Netbuilder II router reboots on the Ping o' Death
1100 26th November 1996
- FreeBSD 2.2 and 3.0 are safe. In fact, it may be rash but I would hazard a guess that *all* versions of FreeBSD are safe from 2.0 on, and possibly even before.
- Convex have released a patch for their ConvexOS - contact the TAC. They are working on a patch for SPP-UX as we speak
- The 3Com (aka Chipcom) Oncore Advanced Ethernet Management Modules are susceptible, but not terribly so. On receipt of a large (65527 byte) packet, the console spits out the error message "process_input:esballoc failed:pkt dropped", and the Management functions (eg OnDemand NCS) are intermittently impacted for three minutes or so, after which it seems to sort itself out. (The firmware tested here was 4.20-A)
- Digital's PESwitch (firmware 1.1.0) dies after 10 or so large packets are passed through it in quick succession.
- OK, I'm amused. In the battle for "who had the patch out fastest", the new Linux time is 2 hours, 35 minutes 10 seconds. (This is based on the time difference between the message notifying the Linux community of the problem, and the message with the patch). It seems no-one could find a Windows '95 box to test it...
1945 25th November 1996
- In a sign of Euro-solidarity, we now have two German Mirrors, both here and here, and a Danish one here for your convenience.
- NetBSD 1.1 owners! Someone has crashed their machine when trying to send a ping...
1100 21st November 1996
- Time to get a new mailer... I've had a slightly incorrect version of the NT script here for a couple of days. Well, I've been sent a uuencoded copy now, and I'm sure it's correct now. Sorry for the mess.
- Network Systems have let me know that their systems resist the Ping of Death. This includes the Borderguard 1000 and 2000 and the Passport system.
- Tandem do a variant on Irix, which is vulnerable in the same way as standard Irix.
- Well, I was asking for it. Bill Webb from Telebit just thought he'd let me know that he had the emergency patch out for the Netblazers within 2 hours of being notified... While he was at it, he let me know that there is an emergency patch for the LS-2PT. The official patch (3.1pl12) is now available for the 386 v3.1 systems.
- I've heard that if an NT4 box is pingflooded, especially if it is running the freebie web-server, it can be crashed. Only the one report though, while a lot of people have failed to even dent it from outside.
1900 19th November 1996
- It looks like Windows '95 is vulnerable to the same problem as NT 3.51 and NT 4.0 - it doesn't like sending large packets. There is no hard and fast way to reproduce it, but a few people are killing their '95 machines with the 'ping another.ip.address -l 65527 -s 1 -t' command that Microsoft acknowledge can kill 3.51. I've shuffled '95 up to the "at risk" box, which was quite satisfying actually :-)
- Acorn have tested their RISC OS system (version Internet 4.xx and 5.02) and found it safe
- The following have been tested and found safe: ICL DRS/NX SVR4.2 v 7.7.8, ACC Danube (this agrees with ACC's tests but not with one of our readers...) and an Axis NPS 550 printserver. The ACC Nile hangs for about 15 secs, and then comes back to life.
- Word on the MkLinux front is that the Linux patches can be applied - there might be a few reject files, but you're used to patching them by hand, right? The bad news is that this upgrade is not currently supported by Apple or OSF, so you're on your own if something breaks.
- Greg Thomas has mailed me the patch descriptions for the UCX stack on VMS, which I am now able to reproduce here for your perusing pleasure...
1100 19th November 1996
- Updates on the firmware front. Bay Networks have released patches for their routers - the reference is Change Request CR24142. The fix is in 8.12/rev 14 and 10.01/rev 3. 11.00 also contains the fix.
- Telebit have also released an official patch for their Netblazer 40i, so I'll no longer be offering the emergency patch from this site. The latest patch (v3.1 level 12) fixes the problem.
- The word is that you cannot apply the AIX patch IX59453 to the Apple Network Server. So if you were thinking of it, don't, because you won't be able to boot. Still no word from Apple on this.
1830 18th November 1996
- Last one for the day - Win 3.11 with Novell client 32 seems to hold up.
1230 18th November 1996