Solved

Teardrop attack

Posted on 2010-09-01
Last Modified: 2012-05-10
We have a Juniper NetScreen which has a VPN tunnel to/from IP 209.90.159.58, and I am seeing the following in the log files of the NetScreen:

Teardrop attack! From 209.90.159.58 to 209.90.159.60, proto 50 (zone Untrust, int ethernet3). Occurred 1 times.

Any information to help me determine why would be helpful.
Question by:MarkSal

Expert Comment

by:jhill777
ID: 33580120
A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code.[5] Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used.

Accepted Solution

by:
jhill777 earned 250 total points
ID: 33580149
A tear drop attack is an overlapping fragmented packet. Used to crash systems/apps back in the 90's. This is most likely a false positive (assuming you know the source/dest IP).
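As an added illustration (not part of the original thread and not NetScreen's own detection code), the overlapping and over-sized fragment conditions described in the two answers above can be checked as follows. The fragment records, the `check_fragments` and `frag` names, and the 192.0.2.x addresses are constructed for the example; protocol 50 matches the log line in the question.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram can carry


def check_fragments(fragments, header_len=20):
    """Return (datagram_key, kind, detail) findings for suspicious fragments.

    offset is in 8-byte units as in the IPv4 header; length is payload bytes.
    header_len=20 assumes an IPv4 header without options.
    """
    groups = defaultdict(list)
    for f in fragments:
        # Fragments of one datagram share source, destination, protocol and IP ID.
        groups[(f["src"], f["dst"], f["proto"], f["ip_id"])].append(f)

    findings = []
    for key, frags in groups.items():
        prev_end = 0
        for f in sorted(frags, key=lambda f: f["offset"]):
            start = f["offset"] * 8
            end = start + f["length"]
            if start < prev_end:
                # Payload begins inside data already covered (exact duplicates too).
                findings.append((key, "overlap",
                                 f"bytes {start}-{end} start before previous end {prev_end}"))
            if header_len + end > MAX_IP_DATAGRAM:
                findings.append((key, "oversize",
                                 f"reassembled length would be {header_len + end}"))
            prev_end = max(prev_end, end)
    return findings


def frag(ip_id, offset, length):
    # Constructed sample fragment; addresses are documentation-range placeholders.
    return {"src": "192.0.2.10", "dst": "192.0.2.20", "proto": 50,
            "ip_id": ip_id, "offset": offset, "length": length}


SAMPLE = [
    frag(1, 0, 1480), frag(1, 185, 520),    # well-formed: 185 * 8 == 1480
    frag(2, 0, 64), frag(2, 3, 16),         # second starts at byte 24, inside the first
    frag(3, 0, 1480), frag(3, 8189, 100),   # 20 + 65512 + 100 exceeds 65535
]

if __name__ == "__main__":
    for key, kind, detail in check_fragments(SAMPLE):
        print(f"ip_id={key[3]} {kind}: {detail}")
```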
 

Author Comment

by:MarkSal
ID: 33580161
Yes, I know the destination and source IP... so does that mean a false positive?

Expert Comment

by:jhill777
ID: 33580258
Yeah, I would assume so and it's not really a threat to newer operating systems anyway.
 

Author Closing Comment

by:MarkSal
ID: 33756859
Fixed