[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Understanding Teardrop Attacks

OS-specific DoS attacks such as teardrop attacks can cripple a system with minimum effort.

Before You Begin

For background information, read OS-Specific DoS Attacks Overview.

Teardrop attacks exploit the reassembly of fragmented IP packets. In the IP header, one of the fields is the fragment offset field, which indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet. See Figure 152.

Figure 152: Teardrop Attacks

Image teardrop_att.gif

When the sum of the offset and size of one fragmented packet differ from that of the next fragmented packet, the packets overlap, and the server attempting to reassemble the packet can crash, especially if it is running an older operating system that has this vulnerability. See Figure 153.

Figure 153: Fragment Discrepancy

Image frag_discrep.gif

After you enable the teardrop attack screen option, whenever JUNOS Software detects this discrepancy in a fragmented packet, it drops it.

Related Topics


[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]