May 28th, 2004, 02:14 AM
Just reviewing my router logs...
May/25/2004 23:33:23 TearDrop Attack Detect 220.127.116.11:25461 :29289 Packet Dropped
May/25/2004 23:33:23 TearDrop Attack Detect 18.104.22.168:25888 :19535 Packet Dropped
And from pcworld.com: "...TearDrop bug, which can allow a malicious user to crash your Windows NT machine."
Luckily these packets were dropped - looks like no damage done, although my Win98 machine has been freezing up a lot lately, and I've been running an Apache webserver (v1.3.26 - computer couldn't handle 2.0.49 - darn outdated Win98...) but virus scan and spyware progs say my computer's clean...
Just wondering if anyone thinks there's a connection between the Apache server running and the TearDrop attacks? Or just coincidence? And of course, if there's any further info on the TearDrop attack, please pass it on!!
May 28th, 2004, 02:30 AM
This type of denial of service attack exploits the way that the Internet Protocol (IP) requires a packet that is too large for the next router to handle be divided into fragments. The fragment packet identifies an offset to the beginning of the first packet that enables the entire packet to be reassembled by the receiving system. In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash.
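The overlap condition described in the post above, as an added example that is not part of the original thread: a check that flags an IPv4 fragment whose byte range overlaps an earlier fragment of the same datagram. The header bytes are constructed samples using documentation addresses (192.0.2.x), and the function names are hypothetical.

```python
import struct
from collections import defaultdict

def parse_fragment(packet: bytes):
    """Return (datagram key, start byte, end byte, more-fragments flag)."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    start = (flags_off & 0x1FFF) * 8        # offset field counts 8-byte units
    end = start + (total_len - header_len)  # one past the last payload byte
    more = bool(flags_off & 0x2000)         # MF (more fragments) flag
    return (src, dst, proto, ident), start, end, more

def find_overlaps(packets):
    """Return one alert dict per fragment that overlaps an earlier fragment."""
    seen = defaultdict(list)  # datagram key -> accepted (start, end) ranges
    alerts = []
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start == 0 and not more:
            continue  # whole datagram, not a fragment
        clash = next(((s, e) for s, e in seen[key] if start < e and s < end), None)
        if clash is not None:
            alerts.append({"ident": key[3], "start": start, "end": end,
                           "overlaps": clash})
        else:
            seen[key].append((start, end))  # only well-formed ranges are kept
    return alerts

# Constructed header-only samples (20-byte IPv4 headers, checksum left at zero).
SAMPLES = [bytes.fromhex(h) for h in (
    "450000289abc400040110000c0000201c0000202",  # unfragmented, DF set
    "4500002c5678200040110000c0000201c0000202",  # id 0x5678: bytes 0-24, MF
    "4500001c5678000340110000c0000201c0000202",  # id 0x5678: bytes 24-32, last
    "450000541234200040110000c0000201c0000202",  # id 0x1234: bytes 0-64, MF
    "450000241234000240110000c0000201c0000202",  # id 0x1234: bytes 16-32, overlaps
)]

if __name__ == "__main__":
    for alert in find_overlaps(SAMPLES):
        print(alert)
```

Only the last sample is flagged; the fragments of datagram 0x5678 sit end to end and pass.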
May 28th, 2004, 07:02 PM
I doubt it has anything to do with the web server. More than likely it is a scanner that is just going through an entire subnet looking for machines that are susceptible to that particular type of attack, or other attacks. However, if you spend a lot of time in chat rooms talking to 3l33t h4x0rs you may have made some enemies that are coming after you. No telling really.