This place has a lot of smart people, so I figured I'd post this here since there has to be some IT guys.

Heres the story... I'm working with an outsider who is sending a file to my server every Monday morning. At the exact time he sends the file (whether he sends it FTP or just attaches to an email) he gets a message that shows my server is sending him a Ping of Death (the times match exactly every time). I'm familiar with Ping of Death in that it is triggered by what a system considers to be odd size packets. Having done a little research I found that the Ping of Death can be detected through innocent activites such as FTP or other protocols. In other words, its not a completely accurate error. He insists that I have a scheduled job that is pinging him at the same time. I say thats ridiculous, but I've checked the job scheduler and theres no such job. I even went as far as searching every program written on that server to find his IP address, hoping I would find a program thats kicking off that somehow I missed.

I guess what I'm looking for is additional outsider idea sof what exactly Ping of Death is to see if maybe I'm misinterpreting it. The guy I'm working with is extremely stubborn and isnt listening to what I'm telling him anyways, but it will make me feel better if I can be reassured that I understand Ping of Death and that it could be an invalid error.

Any help is appreciated.

I have no help - I'm just amazed that there is something called the "Ping of Death." That's cool.

dola,

It makes me think of the movie, "The Ring" applied to the internet. It is a Ping that is so evil that when you receive it you die a week later.

OK - I need to go back to work now. :)

How is he sending you this file? (program, protocol, etc.)

What is your operating system? His?

Do you have logging software on your system to see what traffic is coming in and out of your server? Is your system contacting his? It isn't that hard for someone to "spoof" their IP address to make an attack look like it is coming from you.

We are on an AS400 using OS400. He wont tell me what he is on. He has sent the file using FTP and received the Ping of Death in his log. He stopped using FTP altogether and sent the file attached in an email. Again, he got the Ping of Death in his log. The times matched exactly with the time he started the transaction. Its as if any TCP activity between our servers produces the Ping of Death for him.

On an AS400 we can see every job that started and when it stopped whether its system produced or a program we wrote. There is nothing in the job scheduler even close to the time it happens and we searched all history files and found nothing happening around that time.

As far as network tools to see whats going on, like a trace... well, we dont have them and our ISP wasnt willing to do this at the ISP level.

heybrad, you should be able to run a trace on the 400 that should capture what is being sent and received. Just be careful with running it too long or the log could start to eat up resources if you have a lot of activity going on.

I hadnt thought of that. Thanks Eaglefan. And you're right about the logs. We've run a trace before and they get huge fast.

Any update on this? I was quite curious about the story.

SI

Funny you should ask. I'm on the phone with our ISP right now. Everyone I've talked to still says that Ping of Death is an unreliable error message. I found an article that talked about the IT security industry overreaction to packet size issues which is right in line with this problem.

Does he have the proper logon and password for FTPing and does the server have an FTP account associated with the folder? Maybe he is trying to send and is getting rejected for inproper security?

Or maybe he is having a virus or something that has the server send him a ping of death everytime he tries to use the FTP port.

I'm just guessing since I have never seen this stuff before.

Try just restarting both the server and the client machine for starters (if you haven't already).

Good luck and tell us how it goes.