Teardrop

Description of Teardrop

This DOS attack affects Windows 3.1, 95 and NT machines. It also affects Linux versions previous to 2.0.32 and 2.1.63.

Teardrop is a program that sends IP fragments to a machine connected to the Internet or a network. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines. The bug causes the TCP/IP fragmentation re-assembly code to improperly handle overlapping IP fragments. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data.

Symptoms of Attack

When a Teardrop attack is run against a machine, it will crash (on Windows machines, a user will likely experience the Blue Screen of Death), or reboot. If you have protected yourself from the winnuke andssping DoS attacks and you still crash, then the mode of attack is probably teardrop or land.

How can I fix this vulnerability?

If you are experiencing teardrop attacks on a Windows based system, visit Windows Central's teardrop page, or EFnet's DoS Information Page to learn how to defend against this attack. If you are experiencing attacks on a Linux based system, upgrade to version 2.0.32 / 2.1.63 or later.