A teardrop attack is an attack on a computer that uses a specific property of the Internet Protocol (IP).
The teardrop attack creates a series of IP fragments with overlapping offset fields. If these fragments are put together on the target computer, it can crash or restart.
This type of denial-of-service attack relies on the fact that a packet handed to the IP layer of the TCP/IP stack can be too large for the next hop or router.
Teardrop attacks exploit weaknesses in the reassembly of IP packet fragments. During data transmission over the network, IP packets are often split into small parts. Each fragment looks like the original IP packet, with the difference that it contains an offset field that says, for example, "this fragment transmits the bytes in positions 200–400 of the original (non-fragmented) IP packet".
This DoS attack blocks the target computer by sending it IP fragments: fragmented IP packets with a negative fragment length. Older versions of the IP fragment routines do not check this and return an error message for each such packet.
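The following C sketch is an added example, not code from the source or from any real IP stack. Using a hypothetical `struct frag` and constructed sample fragments, it shows how a fragment lying entirely inside an earlier one leaves a negative length once the overlap is trimmed, and the overlap check a reassembly routine can run before copying anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified record of one received IPv4 fragment. */
struct frag {
    uint16_t offset_units; /* Fragment Offset field, in 8-byte units */
    uint16_t payload_len;  /* payload bytes carried by this fragment */
};

/* Constructed samples: bytes 0-200 followed by 200-400, and a second
 * fragment (bytes 80-120) that lies entirely inside the first. */
static const struct frag sample_ok[] = { {0, 200}, {25, 200} };
static const struct frag sample_contained[] = { {0, 200}, {10, 40} };

/* Bytes left in `cur` after skipping what `prev` already covers.
 * Kept signed on purpose: the result is negative when `cur` ends
 * before `prev` does, and must never be used as a copy length. */
int32_t remaining_after_trim(const struct frag *prev, const struct frag *cur)
{
    int32_t prev_end = (int32_t)prev->offset_units * 8 + prev->payload_len;
    int32_t start = (int32_t)cur->offset_units * 8;
    int32_t end = start + cur->payload_len;
    if (start < prev_end)
        start = prev_end; /* skip the overlapping bytes */
    return end - start;
}

/* Return 1 if any two fragments (given in any order) share a byte. */
int has_overlap(const struct frag *f, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t si = (uint32_t)f[i].offset_units * 8u;
        uint32_t ei = si + f[i].payload_len;
        for (size_t j = i + 1; j < n; j++) {
            uint32_t sj = (uint32_t)f[j].offset_units * 8u;
            uint32_t ej = sj + f[j].payload_len;
            if (si < ej && sj < ei)
                return 1; /* drop the whole datagram, do not reassemble */
        }
    }
    return 0;
}

int main(void)
{
    printf("ok set overlaps: %d\n", has_overlap(sample_ok, 2));
    printf("contained set overlaps: %d, trimmed length: %d\n",
           has_overlap(sample_contained, 2),
           (int)remaining_after_trim(&sample_contained[0], &sample_contained[1]));
    return 0;
}
```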
The teardrop attacks first affected Windows 95 and Windows NT in 1997. At the time, Microsoft released a bug fix that was updated several times.