Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is a teardrop attack?



Article ID: KB5206 KB Last Updated: 18 Aug 2010Version: 3.0

What is a teardrop attack?
 Tear drop is an exploit of the re-assembly of fragmented IP frames.  When there is an overlap condition between the first and second parts of a fragmented frame, it could cause a server to crash. In the TCP header, one of the options is offset.  A tear drop attack occurs when the sum of the offset and the size of one frame is different from the offset and size of the next packet.  This check is performed for all fragmented packets.  If the NetScreen sees this discrepancy, it will drop the packet.  If the packet is dropped, the NetScreen will replace this packet with a new set of fragmented packets, and the same check is performed. 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search