Help me understand a teardrop attack?

I am doing a cyber security project for college on a wireshark pcap file which has an example of a teardrop attack. Can someone help me understand what Im looking at so I can understand exactly what is happening in this attack

here is the link to the pcap file to look at if you want to see:

https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=teardrop.cap

There is a line in frame 8 that says reassembled in frame 9.

In frame 9 heres the info that is pertinent:

Frame Number: 9
Frame Length: 38 bytes (304 bits)
Capture Length: 38 bytes (304 bits)

Total Length: 24
Fragment offset: 24
Protocol: UDP (17)

[2 IPv4 Fragments (28 bytes): #8(36), #9(4)]
Length: 36 (bogus, payload length 28)
[Expert Info (Error/Malformed): Bad length value 36 > IP payload length]
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
Data (20 bytes)

BigE2019-12-06T21:43:33Z

So packet 9 says the UDP data llength is 36 but the UDP data is only 28 bytes, so it points past the valid data.

So the teardrop is a DOS attack, but only to older OSs like Windows 95 and NT.  Most OSs will just notice the mismatch and drop the packet as corrupt.

00

wowser2019-12-06T18:51:48Z

You are looking at a series of packet fragments that the target machine tries for reassemble and it can't because the size and offsets are incorrect and overlap.  look at those portions of the packets

00

Trending Questions

Will changing router modem change my IP address? ?5 answersBest router?7 answersFaster processor and USB adapter or lower speed and ethernet?6 answersWhat if someone's using my wifi?8 answersI once read the even computers without cameras can secretly somehow be used to film a person through the screen. Could this be true?24 answers