Intrusion Prevention

Teardrop.Bonk.DoS

Description

This indicates a potential Denial-of-Service (DoS) attack, known as bonk, that abuses IP fragmentation and reassembly features.


Bonk is a variant of the Teardrop DoS attack. Under the IPv4 standard (RFC 791), a packet that exceeds the maximum transmission unit (MTU) of a network segment is fragmented into two or more smaller packets, which the receiver reassembles. Each fragment carries an offset value in its IP header so that the receiver can reassemble the original packet correctly. Teardrop is an attack tool that generates and sends malformed IP fragment packets to crash a vulnerable machine.
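The offset check a reassembler or sensor can apply to such fragments, as an added example that is not FortiGuard signature code. It assumes "malformed" means fragments whose offsets overlap or whose payload would run past the IPv4 size limit; the function names and sample headers are constructed for illustration.

```python
import struct
from collections import defaultdict

MAX_PAYLOAD = 65535 - 20   # IPv4 total-length limit minus the minimum header

def parse_fragment(header):
    """Return (flow_key, start, end, more_fragments) for one IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    start = (flags_off & 0x1FFF) * 8      # offset field counts 8-byte units
    end = start + total_len - ihl         # exclusive end of this payload
    return (src, dst, proto, ident), start, end, bool(flags_off & 0x2000)

def check_fragments(headers):
    """Return sorted (ident, reason) findings for a batch of IPv4 headers."""
    flows, findings = defaultdict(list), set()
    for header in headers:
        key, start, end, more = parse_fragment(header)
        if start == 0 and not more:
            continue                      # not a fragment
        if end > MAX_PAYLOAD:             # reassembly would exceed 65535 bytes
            findings.add((key[3], "oversize"))
        flows[key].append((start, end))
    for key, spans in flows.items():
        spans.sort()
        highest_end = 0
        for start, end in spans:
            if start < highest_end:       # begins inside data already covered
                findings.add((key[3], "overlap"))
            highest_end = max(highest_end, end)
    return sorted(findings)

def make_header(ident, offset, payload_len, more):
    """Constructed sample input: 20-byte IPv4 header, checksum left at 0."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

SAMPLE = [  # constructed headers, documentation addresses (192.0.2.0/24)
    make_header(1, 0, 1480, True), make_header(1, 1480, 520, False),  # contiguous
    make_header(2, 0, 40, True), make_header(2, 24, 8, False),        # overlapping
]
```

Exact retransmitted duplicates of a fragment are also reported as overlaps, so a production sensor would compare payload bytes before alerting.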

Affected Products

Any unprotected system running Windows NT SP3 or earlier, or Linux kernel 2.0.29-1 or earlier, is vulnerable.

Impact

Attackers can cause a DoS condition on the victim system.

Recommended Actions

Apply appropriate patches and/or upgrade the system to the latest non-vulnerable version.

CVE References

CVE-1999-0258
