Teardrop attack

Posted on 2010-09-01
Last Modified: 2012-05-10
We have a juniper netscreen which has a VPN tunnel to/from ip and I am seeing the following in the log files of the netscreen:

Teardrop attack! From to, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.

any information to help me determine why would be helpful
Question by:MarkSal
  • 3
  • 2

Expert Comment

ID: 33580120
A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code.[5] Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used

Accepted Solution

jhill777 earned 250 total points
ID: 33580149
A tear drop attack is an overlapping fragmented packet. Used to crash systems/apps back in the 90's. This is most likely a false positive (assuming you know the source/dest IP).

Author Comment

ID: 33580161
yes I know the destination and source does that mean a fals positive?

Expert Comment

ID: 33580258
Yeah, I would assume so and it's not really a threat to newer operating systems anyway.

Author Closing Comment

ID: 33756859

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Network Switches Keep Failing 8 86
MAC address learning of Riverbed 4 41
Claiming a Domain Name 7 35
How to simulate latency? 5 24
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question