Solved

Teardrop attack

Posted on 2010-09-01
5
1,166 Views
Last Modified: 2012-05-10
We have a juniper netscreen which has a VPN tunnel to/from ip 209.90.159.58 and I am seeing the following in the log files of the netscreen:

Teardrop attack! From 209.90.159.58 to 209.90.159.60, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.

any information to help me determine why would be helpful
0
Comment
Question by:MarkSal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:jhill777
ID: 33580120
A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code.[5] Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used
0
 
LVL 5

Accepted Solution

by:
jhill777 earned 250 total points
ID: 33580149
A tear drop attack is an overlapping fragmented packet. Used to crash systems/apps back in the 90's. This is most likely a false positive (assuming you know the source/dest IP).
0
 

Author Comment

by:MarkSal
ID: 33580161
yes I know the destination and source IP...so does that mean a fals positive?
0
 
LVL 5

Expert Comment

by:jhill777
ID: 33580258
Yeah, I would assume so and it's not really a threat to newer operating systems anyway.
0
 

Author Closing Comment

by:MarkSal
ID: 33756859
Fixed
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question