MarkSal
asked on
Teardrop attack
We have a juniper netscreen which has a VPN tunnel to/from ip 209.90.159.58 and I am seeing the following in the log files of the netscreen:
Teardrop attack! From 209.90.159.58 to 209.90.159.60, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.
any information to help me determine why would be helpful
Teardrop attack! From 209.90.159.58 to 209.90.159.60, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.
any information to help me determine why would be helpful
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes I know the destination and source IP...so does that mean a fals positive?
Yeah, I would assume so and it's not really a threat to newer operating systems anyway.
ASKER
Fixed
Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used