Results 1 to 3 of 3

Thread: TearDrop attack

  1. #1

    TearDrop attack

    Just reviewing my router logs...

    May/25/2004 23:33:23 TearDrop Attack Detect :29289 Packet Dropped
    May/25/2004 23:33:23 TearDrop Attack Detect :19535 Packet Dropped

    and from "...TearDrop bug, which can allow a malicious user to crash your Windows NT machine."

    Luckily these packets were dropped - looks like no damage done, although my win98 machine has been freezing up a lot lately, and i've been running an apache webserver (v1.3.26 - computer couldn't handle 2.0.49 - darn outdated win98...) but virus scan and spyware progs say my computer's clean...

    just wondering if anyone thinks there's a connection between the apache server running and the teardrop attacks?? or just coincidence? and of course if there's any further info on the teardrop attack please pass it on!!


  2. #2
    Senior Member
    Join Date
    May 2004
    Teardrop Attack

    This type of denial of service attack exploits the way that the Internet Protocol (IP) requires a packet that is too large for the next router to handle be divided into fragments. The fragment packet identifies an offset to the beginning of the first packet that enables the entire packet to be reassembled by the receiving system. In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    I doubt it has anything to do with the web server. More than likely it is a scanner that is just going through an entire subnet looking for machines that are susceptible to that particular type of attack, or other attacks. However, if you spend a lot of time in chat rooms talking to 3l33t h4x0rs you may have made some enemies that are coming after you.. No telling really.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts