Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Denial-of-service attack
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Teardrop attacks=== {{see also|IP fragmentation attack}} A '''teardrop attack''' involves sending [[Mangled packet|mangled]] [[IP fragment]]s with overlapping, oversized payloads to the target machine. This can crash various operating systems because of a bug in their [[TCP/IP]] [[IPv4#Fragmentation and reassembly|fragmentation re-assembly]] code.<ref name="CERT-1">{{cite web |year=1998 |title=CERT Advisory CA-1997-28 IP Denial-of-Service Attacks |url=https://vuls.cert.org/confluence/display/historical/CERT+Advisory+CA-1997-28+IP+Denial-of-Service+Attacks |access-date=July 18, 2014 |publisher=CERT}}</ref> [[Windows 3.1x]], [[Windows 95]] and [[Windows NT]] operating systems, as well as versions of [[Linux]] prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.{{efn|Although in September 2009, a vulnerability in [[Windows Vista]] was referred to as a ''teardrop attack'', this targeted [[Server Message Block|SMB2]] which is a higher layer than the TCP packets that teardrop used).<ref>{{cite news|url=http://www.zdnet.com/blog/security/windows-7-vista-exposed-to-teardrop-attack/4222 |archive-url=https://web.archive.org/web/20101106101436/http://www.zdnet.com/blog/security/windows-7-vista-exposed-to-teardrop-attack/4222 |url-status=dead |archive-date=6 November 2010 |title=Windows 7, Vista exposed to 'teardrop attack' |work=ZDNet |date=September 8, 2009 |access-date=2013-12-11}}</ref><ref>{{cite web|url=http://www.microsoft.com/technet/security/advisory/975497.mspx |title=Microsoft Security Advisory (975497): Vulnerabilities in SMB Could Allow Remote Code Execution |publisher=Microsoft.com |date=September 8, 2009 |access-date=2011-12-02}}</ref>}} One of the fields in an [[IP header]] is the ''fragment offset'' field, indicating the starting position, or offset, of the data contained in a fragmented packet relative to the data in the original packet. If the sum of the offset and size of one fragmented packet differs from that of the next fragmented packet, the packets overlap. When this happens, a server vulnerable to teardrop attacks is unable to reassemble the packets resulting in a denial-of-service condition.<ref>{{Citation |last=Bhardwaj |first=Akashdeep |title=Solutions for DDoS Attacks on Cloud Environment |date=2023-06-12 |work=New Age Cyber Threat Mitigation for Cloud Computing Networks |pages=42β55 |url=http://dx.doi.org/10.2174/9789815136111123010006 |access-date=2024-02-09 |publisher=BENTHAM SCIENCE PUBLISHERS |doi=10.2174/9789815136111123010006 |isbn=978-981-5136-11-1}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)