Teardrop attack explained
Teardrop attack is another threat that is popular and could cause a lot of damage. So, let’s explain a little bit more about it!
Teardrop attack – Definition
The Teardrop attack is a common type of Denial of Service (DoS) attack. The criminals who initiate the attack aim to overwhelm their victims and make their devices or networks unreachable. For that purpose, they send a massive amount of oversized data packets.
Cybercriminals take advantage of the vulnerability of some devices and affect the reassembly process of TCP/IP or its fragmentation codes. As a result, their victims are experiencing difficulties through the process of reassembling these modified data packets and bringing them back in their correct order. They continuously try to reconstruct them when finally the victim’s network or devices crash completely.
As we mentioned, the Teardrop attack also includes sending a large amount of traffic to the victims. The reason for that is simple: attackers want to make sure their attempt is going to be successful, and the stress over their target is going to be significant. The endless repetition of the unsuccessful reassembly and traffic demand is going to lead to the exhaustion of the victim’s resources. Thus, it becomes unable to function and lacks availability.
Main targets of Teardrop attack
The attackers commonly use the Teardrop attack to hit operating systems (OS) that are considered a bit aged. For example, versions of Linux before 2.0.32 and 2.1.63. and Windows versions such as NT, Windows 3.1x, Windows 95, Windows 7, Windows Vista. They are not supported anymore, and there are no security patches.
The new versions of operating systems are not the popular choice for attackers. So, you are probably suggesting that this type of attack is a bit outdated. Yet, that is not actually true. A lot of big government and healthcare organizations are still using these former versions. In addition, a significant number of them also still work with old devices and computers to complete their day-to-day tasks.
How to prevent it?
There are some things you could do to prevent the Teardrop attack. Let’s see what the options are:
- Protect your network with a robust firewall. It is going to filter junk and infected information, and your network is going to be safe.
- Prevent packet segmentation. You could accomplish it via path MTU discovery (PMTUD). The technique allows you to determine the maximum transmission unit (MTU) dimension on the path of a particular network between two IP hosts.
- Set maximum segment size (MSS). MSS allows you to determine the maximum size of data (in bytes) for each data packet.
The Teardrop attack is an actual cyber threat, and it should not be neglected. In case you are using these operating systems (OS) that are considered a bit aged, try implementing all or some of the measures for prevention.