Teardrop
Description of Teardrop
This DoS attack affects Windows 3.1, 95 and NT machines. It also affects Linux versions earlier than 2.0.32 and 2.1.63.
Teardrop is a program that sends IP fragments to a machine connected to the Internet or a network. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines. The bug causes the TCP/IP fragmentation re-assembly code to improperly handle overlapping IP fragments. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data.
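The overlap condition described above can be checked on the defender's side. The following is an added example, not part of the original page: it parses raw IPv4 headers and reports fragments of the same datagram whose byte ranges overlap. The function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_fragment(packet):
    """Return (datagram_key, start, end, more_fragments) for a raw IPv4 packet."""
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    start = (flags_off & 0x1FFF) * 8          # offset field counts 8-byte units
    end = start + (total_len - ihl)           # exclusive end of this fragment's data
    return (src, dst, proto, ident), start, end, bool(flags_off & 0x2000)

def find_overlaps(packets):
    """Report fragments whose data range overlaps an earlier fragment of the same datagram."""
    seen = defaultdict(list)
    alerts = []
    for packet in packets:
        key, start, end, more = parse_fragment(packet)
        if start == 0 and not more:
            continue                          # not fragmented, nothing to reassemble
        for s, e in seen[key]:
            if start < e and s < end:         # half-open ranges intersect
                alerts.append((key[3], (s, e), (start, end)))
        seen[key].append((start, end))
    return alerts

def sample_packet(ident, offset, length, more):
    """Constructed test input: IPv4 header (checksum left at 0) plus zero payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + length, ident, flags_off,
                         64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return header + bytes(length)

# Constructed samples: datagram 1 is fragmented normally, datagram 2 overlaps.
SAMPLES = [
    sample_packet(1, 0, 24, True), sample_packet(1, 24, 16, False),
    sample_packet(2, 0, 32, True), sample_packet(2, 16, 8, False),
]

if __name__ == "__main__":
    for ident, first, second in find_overlaps(SAMPLES):
        print(f"overlap in datagram id={ident}: {first} vs {second}")
```

A correct sender never produces fragments of one datagram whose data ranges intersect, so any alert from this check is worth logging or dropping at a filtering device.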
Symptoms of Attack
When a Teardrop attack is run against a machine, it will crash (on Windows machines, a user will likely experience the Blue Screen of Death), or reboot. If you have protected yourself from the winnuke and ssping DoS attacks and you still crash, then the mode of attack is probably teardrop or land.
How can I fix this vulnerability?
If you are experiencing teardrop attacks on a Windows based system, visit Windows Central's teardrop page, or EFnet's DoS Information Page to learn how to defend against this attack. If you are experiencing attacks on a Linux based system, upgrade to version 2.0.32 / 2.1.63 or later.