IP Teardrop attack

Teardrop attacks occur when fragmented IP packets overlap and cause the host attempting to reassemble the packets to crash.

Teardrop attacks exploit the reassembly of fragmented IP packets.  In the IP header, one of the fields is the fragment offset field, which indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet.

 ip-tear-drop-attack

When the sum of the offset and size of one fragmented packet differ from that of the next fragmented packet, the packets overlap, and the server attempting to reassemble the packet can crash, especially if it is running an older OS that has this vulnerability

Fragment Discrepancy

Leave a Reply

Your email address will not be published. Required fields are marked *