The jumbo-frames kernel-panic-via-ping described in this Ars Technica article about the FreeBSD WireGuard scandal had another name back in the day - the Ping Of Death.


And I worked, briefly, with a semi-retired signals-intelligence tech who worked for one of the Five Eyes back in the day and stopped giving a fuck after his second lunch martini, so I have a story about that.

The original Ping Of Death was a bug in a bunch of different TCP/IP stack implementations - most often, but not exclusively, Windows machines - that naively reassembled large packets without consideration for the fact that they were larger than the spec-maximum size allocated to them, overwriting kernel memory and causing the machine to crash. But if you can overwrite kernel memory, then....

It turns out that if you sent just the right too-large packet to just the right machine, that buffer overflow amounted to, you could ask that computer to do whatever you wanted it to do, whenever you wanted to do that. "At first it was fun. After a while it was embarrassing" is a direct quote.

... and I think that's what FreeBSD has narrowly avoided.

In conclusion, history informative, code review and software audits good, buffer overflows bad, early-nineties infosec disastrously terrible, thanks for coming to my TED talk.
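The reassembly mistake the thread describes (accepting a fragment because it is individually small, without asking where its offset puts it in the 64 KiB datagram buffer) is easy to show next to the check that prevents it. The following C is an added example written for this page, not code from the thread's author or from any real IP stack; the `fragment` and `reasm` structures and the `try_add` / `naive_check` wrappers are constructed stand-ins for header parsing, and the payload contents are all-zero sample bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* The IPv4 Total Length field is 16 bits, so a reassembled datagram can never
   legitimately exceed 65535 bytes; that is the size a reassembly buffer gets. */
#define IP_MAX_DATAGRAM 65535u
/* The 13-bit Fragment Offset field counts 8-byte units. */
#define IP_FRAG_UNIT 8u

/* Minimal model of one received fragment (constructed for this example;
   real code fills these from the parsed IPv4 header). */
struct fragment {
    uint16_t offset_units;   /* Fragment Offset, in 8-byte units */
    uint16_t payload_len;    /* bytes of payload in this fragment */
    const uint8_t *payload;
};

/* Reassembly state: a fixed buffer sized to the protocol maximum. */
struct reasm {
    uint8_t data[IP_MAX_DATAGRAM];
    size_t  highest_end;     /* one past the highest byte written so far */
};

/* The naive check: only asks whether the fragment itself is a legal size,
   never where it lands in the buffer. Offset + length is what overflows. */
int naive_fragment_ok(const struct fragment *f) {
    return f->payload_len <= IP_MAX_DATAGRAM;
}

/* The correct check: compute the fragment's end in 32-bit arithmetic so that
   offset*8 + len cannot wrap a 16-bit value, then refuse anything that would
   extend past the maximum datagram size. */
int fragment_fits(const struct fragment *f) {
    uint32_t start = (uint32_t)f->offset_units * IP_FRAG_UNIT;
    uint32_t end   = start + f->payload_len;
    return end <= IP_MAX_DATAGRAM;
}

/* Copy a fragment into the buffer only if it fits.
   Returns 0 on success, -1 if the fragment was rejected. */
int reasm_add(struct reasm *r, const struct fragment *f) {
    if (!fragment_fits(f))
        return -1;
    size_t start = (size_t)f->offset_units * IP_FRAG_UNIT;
    memcpy(r->data + start, f->payload, f->payload_len);
    if (start + f->payload_len > r->highest_end)
        r->highest_end = start + f->payload_len;
    return 0;
}

/* Static storage: the 64 KiB buffer is too large for some stacks. */
static struct reasm g_reasm;
/* Constructed zero-filled sample payload, large enough for any fragment. */
static const uint8_t g_payload[IP_MAX_DATAGRAM] = {0};

/* Wrapper used by the demo and tests: build a fragment with the given
   offset (8-byte units) and length, and try to add it to g_reasm. */
int try_add(uint16_t offset_units, uint16_t len) {
    struct fragment f = { offset_units, len, g_payload };
    return reasm_add(&g_reasm, &f);
}

/* Same fragment run through the naive check, for comparison. */
int naive_check(uint16_t offset_units, uint16_t len) {
    struct fragment f = { offset_units, len, g_payload };
    return naive_fragment_ok(&f);
}

int main(void) {
    /* An ordinary first fragment of an Ethernet-sized packet: accepted. */
    printf("offset 0, 1480 bytes: %d\n", try_add(0, 1480));
    /* The last legal slot, ending exactly at byte 65535: accepted. */
    printf("offset 8191, 7 bytes: %d\n", try_add(8191, 7));
    /* One byte further: rejected, the buffer has no room for it. */
    printf("offset 8191, 8 bytes: %d\n", try_add(8191, 8));
    /* A fragment that would run 977 bytes past the end of the buffer:
       the naive check waves it through, the bounded check rejects it. */
    printf("offset 8189, 1000 bytes: naive=%d bounded=%d\n",
           naive_check(8189, 1000), try_add(8189, 1000));
    return 0;
}
```

The point of `fragment_fits` is that both inputs are attacker-controlled header fields and must be combined before comparing against the buffer size; checking either one alone is exactly the bug the thread is about.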

