Solved

Teardrop attack

Posted on 2010-09-01
Last Modified: 2012-05-10
We have a Juniper NetScreen which has a VPN tunnel to/from IP 209.90.159.58, and I am seeing the following in the log files of the NetScreen:

Teardrop attack! From 209.90.159.58 to 209.90.159.60, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.

Any information to help me determine why would be helpful.
Question by:MarkSal
 
LVL 5

Expert Comment

by:jhill777
A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code.[5] Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2, which is a higher layer than the TCP packets that teardrop used.
0
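One way to check captured IPv4 fragments for the overlapping or oversized offsets described in the comment above, as an added example that is not part of the original thread or of any vendor's code. The function names, the documentation addresses 192.0.2.1 and 192.0.2.2, and the sample packets are constructed for illustration; proto 50 matches the log line in the question.

```python
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535  # largest IPv4 datagram (header + payload) after reassembly

def parse_fragment(packet: bytes):
    """Return (datagram_key, start, end, more_fragments) for one raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    start = (flags_off & 0x1FFF) * 8      # fragment offset is in 8-byte units
    end = start + (total_len - ihl)       # first byte past this fragment's payload
    return (src, dst, proto, ident), start, end, bool(flags_off & 0x2000)

def find_anomalies(packets):
    """Report overlapping or oversized fragments as (ip_id, kind, start, end)."""
    groups = defaultdict(set)             # a set drops exact retransmitted duplicates
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start or more:                 # unfragmented packets are ignored
            groups[key].add((start, end))
    findings = []
    for key, spans in groups.items():
        covered = 0
        for start, end in sorted(spans):
            if start < covered:
                findings.append((key[3], "overlap", start, end))
            if end + 20 > MAX_DATAGRAM:   # assumes the minimum 20-byte header
                findings.append((key[3], "oversize", start, end))
            covered = max(covered, end)
    return findings

def make_fragment(ident, offset_units, payload_len, more, proto=50):
    """Constructed test packet: IPv4 header (checksum 0) plus zero-filled payload."""
    flags_off = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_off, 64, proto, 0, bytes([192, 0, 2, 1]),
                         bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)

# Constructed sample: datagram 1 is contiguous, datagram 2 overlaps bytes 16..23.
SAMPLE = [make_fragment(1, 0, 24, True), make_fragment(1, 3, 16, False),
          make_fragment(2, 0, 24, True), make_fragment(2, 2, 16, False)]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE):
        print(finding)
```

Exact duplicate fragments (plain retransmissions) are not reported, so only fragments whose byte ranges genuinely conflict show up.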
 
LVL 5

Accepted Solution

by:
jhill777 earned 250 total points
A teardrop attack is an overlapping fragmented packet, used to crash systems/apps back in the '90s. This is most likely a false positive (assuming you know the source/dest IP).
0
 

Author Comment

by:MarkSal
Yes, I know the destination and source IP... so does that mean a false positive?
0
 
LVL 5

Expert Comment

by:jhill777
Yeah, I would assume so and it's not really a threat to newer operating systems anyway.
0
 

Author Closing Comment

by:MarkSal
Fixed
0
