Intrusion Prevention

Teardrop

Description

This indicates an attack attempt against a denial-of-service vulnerability in the TCP/IP fragmentation re-assembly code in various operating systems.
The vulnerability is caused by an error when the vulnerable system handles mangled IP fragments with overlapping, over-sized, payloads. It allows a remote attacker to crash the vulnerable system.

Affected Products

Windows 3.1x
Windows 95
Windows NT
Linux prior to versions 2.0.32 and 2.1.63

Impact

Denial of service: Remote attackers can crash vulnerable systems.

Recommended Actions

For Microsoft systems, apply the appropriate patch:
* Microsoft windows NT4:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive/icmp-fix/
* Microsoft windows NT 3.51:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/teardrop2-fix/
For Linux systems, upgrade to the latest kernel version, available from the web site:
http://www.kernel.org/