Next Generation Emulation banner

1 - 2 of 2 Posts

·
Souless Angel
Joined
·
900 Posts
Discussion Starter #1
Tonight about 12:00 est. I was pinging my Red Orcehstra server and was getting 600 ping. Odd, due to i get a 60 ping normally. Well, I disconnected my router and decided to reconnect to see if it was just some congestion. I then went to my router logs and found out I had a teardrop attack. It said the packet dropped. I did some research, but it didnt tell me if the packet drop part was a good thing or bad, any help wiould be appreciated.
 

·
Registered
Joined
·
1,577 Posts
Teardrop is a denial of service attack tool and can crash a vulnerable machine.

Bugtraq (http://www.securityfocus.org/) said:
The Teardrop denial of service attack exploits a flaw inherent to multiple vendor TCP/IP stacks. This problem is related to how the TCP/IP stack handle reassembly of fragmented IP packets.

This attack can be delivered by sending 2 or more specially fragmented IP datagrams. The first is the 0 offset fragment with a payload of size N, with the MF bit on (data content is irrelevant). The second is the last fragment (MF == 0) with a positive offset < N and with a payload of < N.

This results in the TCP/IP stack allocating unusually large resources to reassembling the packet(s). Depending on the memory deployed on the target box this usually results in the system freezing due to insufficient memory or in some case causing the machine to reboot.
 
1 - 2 of 2 Posts
Top