• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1186
  • Last Modified:

Teardrop attack

We have a juniper netscreen which has a VPN tunnel to/from ip 209.90.159.58 and I am seeing the following in the log files of the netscreen:

Teardrop attack! From 209.90.159.58 to 209.90.159.60, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.

any information to help me determine why would be helpful
0
MarkSal
Asked:
MarkSal
  • 3
  • 2
1 Solution
 
jhill777Commented:
A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code.[5] Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used
0
 
jhill777Commented:
A tear drop attack is an overlapping fragmented packet. Used to crash systems/apps back in the 90's. This is most likely a false positive (assuming you know the source/dest IP).
0
 
MarkSalAuthor Commented:
yes I know the destination and source IP...so does that mean a fals positive?
0
 
jhill777Commented:
Yeah, I would assume so and it's not really a threat to newer operating systems anyway.
0
 
MarkSalAuthor Commented:
Fixed
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now