Teardrop
Description
This indicates an attack attempt against a denial-of-service vulnerability in the TCP/IP fragmentation re-assembly code in various operating systems.
The vulnerability is caused by an error when the vulnerable system handles mangled IP fragments with overlapping, over-sized, payloads. It allows a remote attacker to crash the vulnerable system.
Affected Products
Windows 3.1x
Windows 95
Windows NT
Linux prior to versions 2.0.32 and 2.1.63
Impact
Denial of service: Remote attackers can crash vulnerable systems.
Recommended Actions
For Microsoft systems, apply the appropriate patch:
* Microsoft windows NT4:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive/icmp-fix/
* Microsoft windows NT 3.51:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/teardrop2-fix/
For Linux systems, upgrade to the latest kernel version, available from the web site:
http://www.kernel.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |