Help me understand a teardrop attack?
I am doing a cyber security project for college on a wireshark pcap file which has an example of a teardrop attack. Can someone help me understand what Im looking at so I can understand exactly what is happening in this attack
here is the link to the pcap file to look at if you want to see:
There is a line in frame 8 that says reassembled in frame 9.
In frame 9 heres the info that is pertinent:
Frame Number: 9
Frame Length: 38 bytes (304 bits)
Capture Length: 38 bytes (304 bits)
Total Length: 24
Fragment offset: 24
Protocol: UDP (17)
[2 IPv4 Fragments (28 bytes): #8(36), #9(4)]
Length: 36 (bogus, payload length 28)
[Expert Info (Error/Malformed): Bad length value 36 > IP payload length]
[Checksum Status: Not present]
[Stream index: 1]
Data (20 bytes)
- BigELv 71 month ago
So packet 9 says the UDP data llength is 36 but the UDP data is only 28 bytes, so it points past the valid data.
So the teardrop is a DOS attack, but only to older OSs like Windows 95 and NT. Most OSs will just notice the mismatch and drop the packet as corrupt.
- wowserLv 51 month ago
You are looking at a series of packet fragments that the target machine tries for reassemble and it can't because the size and offsets are incorrect and overlap. look at those portions of the packets