Re: Dos Attack type : Teardrop!!

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 10/04/03


Date: Sat, 4 Oct 2003 21:49:27 +1000

It's a very old attack against TCP/IP stack, using fragmented packets.
It's rarely seen these days, as Microsoft Windows stack was fixed back in
1997 and nobody's interested in anything else. There's a chance that the
router might have mistaken legitimate fragmentation with teardrop.

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Russell" <newsgroup@paperdragon.ca> wrote in message
news:03c401c38a52$b0ad88e0$a001280a@phx.gbl...
> I have a d-link rounter, di-704p, and it is recording in
> its firewall log "Dos Attack type : Teardrop!!".  Just
> wondering what this is.  Nothing is getting thru the
> firewall, just curious what type of attack this is.


Relevant Pages

  • Re: IPv4 fragmentation --> The Rose Attack
    ... > irrelevant to me - it's a local attack against them that isn't likely ... I work at many other places than on my own personal computers. ... packets in 2 minutes then no legitimate fragmented packets can ... When you stop the device recovers ...
    (Bugtraq)
  • Re: Huge security hole in Kerio 2.1.5
    ... >>fragmented packets, and thus wouldn't be efficient toward an attack based ... IP packet reassemble is supposed, strictly speaking in terms of the ... to be handled at the receiving host ...
    (microsoft.public.security)
  • Re: Huge security hole in Kerio 2.1.5
    ... Laurent wrote in ... > fragmented packets, and thus wouldn't be efficient toward an attack ... don't even add any rule, but with systray icon, ...
    (comp.security.firewalls)
  • Re: Huge security hole in Kerio 2.1.5
    ... > fragmented packets, and thus wouldn't be efficient toward an attack ... You might try Kerio 4.x, which doesn't suffer from the fragmented packet ... I don't know of any software firewall that doesn't ...
    (comp.security.firewalls)