Help me understand a teardrop attack?
I am doing a cyber security project for college on a Wireshark pcap file which has an example of a teardrop attack. Can someone help me understand what I'm looking at so I can understand exactly what is happening in this attack?
Here is the link to the pcap file to look at if you want to see:
https://wiki.wireshark.org/SampleCaptures?action=A...
There is a line in frame 8 that says reassembled in frame 9.
In frame 9, here's the info that is pertinent:
Frame Number: 9
Frame Length: 38 bytes (304 bits)
Capture Length: 38 bytes (304 bits)
Total Length: 24
Fragment offset: 24
Protocol: UDP (17)
[2 IPv4 Fragments (28 bytes): #8(36), #9(4)]
Length: 36 (bogus, payload length 28)
[Expert Info (Error/Malformed): Bad length value 36 > IP payload length]
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
Data (20 bytes)
2 Answers
- BigE, Lv 7, 1 year ago
So packet 9 says the UDP data length is 36 but the UDP data is only 28 bytes, so it points past the valid data.
So the teardrop is a DOS attack, but only to older OSs like Windows 95 and NT. Most OSs will just notice the mismatch and drop the packet as corrupt.
- wowser, Lv 5, 1 year ago
You are looking at a series of packet fragments that the target machine tries to reassemble, and it can't because the size and offsets are incorrect and overlap. Look at those portions of the packets.
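
An added example, not part of the question or either answer: a Python check that flags the two things Wireshark reports for frames 8 and 9, the overlapping fragment ranges and the UDP length larger than the reassembled payload. The packet bytes, addresses, ports, IP ID and helper names are constructed for illustration; only the sizes and offsets (36 bytes at offset 0, 4 bytes at offset 24, UDP length 36) come from the question.

```python
import struct
from collections import defaultdict

def parse_fragment(pkt):
    """Return (reassembly key, start, end, more_fragments, payload) for one IPv4 packet."""
    vihl, _, total_len, ip_id, flags_off, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    start = (flags_off & 0x1FFF) * 8            # offset field counts 8-byte units
    payload = pkt[(vihl & 0x0F) * 4:total_len]
    return (src, dst, proto, ip_id), start, start + len(payload), bool(flags_off & 0x2000), payload

def find_anomalies(packets):
    """Return tuples describing overlapping fragments and bogus UDP lengths."""
    groups = defaultdict(list)
    for pkt in packets:
        key, start, end, mf, payload = parse_fragment(pkt)
        groups[key].append((start, end, mf, payload))
    findings = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f[0])
        covered = 0
        for start, end, _, _ in frags:
            if start < covered:                 # begins inside bytes already supplied
                findings.append(("overlap", start, end, covered))
            covered = max(covered, end)
        final = [f for f in frags if not f[2]]  # MF=0 fragment fixes the datagram length
        first = frags[0]
        if final and key[2] == 17 and first[0] == 0 and len(first[3]) >= 8:
            udp_len = struct.unpack("!H", first[3][4:6])[0]
            if udp_len > final[0][1]:
                findings.append(("bad_udp_length", udp_len, final[0][1]))
    return findings

# --- constructed sample data (addresses, ports and IP ID are made up) ---
def udp_header(length):
    return struct.pack("!HHHH", 1111, 2222, length, 0)

def build(ip_id, offset_bytes, more_fragments, payload):
    flags_off = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, flags_off,
                         64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

# Same geometry as frames 8 and 9 in the question: 36 bytes at offset 0, then 4 bytes at offset 24.
TEARDROP = [build(0x1234, 0, True, udp_header(36) + bytes(28)), build(0x1234, 24, False, bytes(4))]

if __name__ == "__main__":
    print(find_anomalies(TEARDROP))
```

The second fragment covers bytes 24 to 28, which lie entirely inside the 36 bytes the first fragment already supplied, and because it is the fragment with the more-fragments flag clear, the datagram ends at byte 28 while the UDP header still claims 36.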