Basic HTML version of Foils prepared May 19 99

Foil 15 Denial of Service Attacks (5)

From Computer Crimes: Examples of Network Security attacks Tango Group Internal Technology Seminars -- April 23 99. by Roman Markowski


Teardrop Attack (summer 1997 )
  • use a bug in the implementation of IP packet fragmentation
    • send 2 specially fragmented IP datagrams (overlapping fragments)
    • the first: 0 offset fragment with the payload of size N; MF bit on
    • the second: positive offset <N and a payload less than N;MF=0
    • the offset is shorter then previous fragment; reassembly procedure creates negative number, which is treated by system as s very large positive number
  • Linux, Win95, WinNT will crash because the copy operation overwrites the memory
  • variants : bonk (affects port 53), newtear (UDP-based)
Defense



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Mon Aug 16 1999