The Teardrop attack brought down computers in the past, but should we still be afraid of it? How does it work, and is there a way to prevent a Teardrop attack? Here is the most important information about this DoS attack.
What is the Teardrop attack, and how does it work?
The Teardrop attack belongs to the Denial-of-Service (DoS) family. The attack sends fragmented data packets to a target that cannot reconstruct them successfully and therefore fails to function. The vulnerability that the Teardrop attack exploits lies in the TCP/IP reassembly process. The Teardrop fragments overlap each other, and the target crashes while trying to process them.
Inside each packet’s IP header there is a field called the “fragment offset” field, which shows the starting position, or offset, of the data carried in that fragment. If the offset plus the size of one fragment does not match the offset of the next fragment in the sequence, the fragments overlap, the receiver cannot reassemble them, and the result is a Denial-of-Service.
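The overlap condition described above, as an added example that is not part of the original article: it parses constructed IPv4 fragment headers (13-bit offset in 8-byte units, MF flag) and reports the fragments a hardened reassembler should reject before attempting reassembly. The packet builder only produces in-memory sample input for the detector.

```python
"""Added example: detect Teardrop-style overlapping IPv4 fragments."""
import struct

def parse_ipv4_fragment(pkt: bytes):
    """Return (ident, offset_bytes, more_fragments, payload_len) from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    total_len, ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    more_fragments = bool(flags_frag & 0x2000)     # MF flag
    offset_bytes = (flags_frag & 0x1FFF) * 8       # 13-bit offset, units of 8 bytes
    return ident, offset_bytes, more_fragments, total_len - ihl

def build_fragment(ident, offset_bytes, more_fragments, payload):
    """Construct a minimal IPv4 header + payload as sample data (checksum left zero)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, 17, 0, bytes(4), bytes(4))
    return header + payload

def find_overlaps(pkts):
    """Group fragments by IP ID and return (ident, prev_end, next_start) for every
    fragment that starts before the previous fragment ends: the Teardrop condition."""
    by_id = {}
    for p in pkts:
        ident, off, _mf, plen = parse_ipv4_fragment(p)
        by_id.setdefault(ident, []).append((off, off + plen))
    findings = []
    for ident, ranges in by_id.items():
        ranges.sort()
        for (s1, e1), (s2, e2) in zip(ranges, ranges[1:]):
            if s2 < e1:
                findings.append((ident, e1, s2))
    return findings

# Constructed sample: ID 1 is a well-formed pair (bytes 0-24, then 24-40);
# ID 2 is malformed: its second fragment claims offset 8 although the first ends at 24.
SAMPLE = [
    build_fragment(1, 0, True, b"A" * 24),
    build_fragment(1, 24, False, b"B" * 16),
    build_fragment(2, 0, True, b"C" * 24),
    build_fragment(2, 8, False, b"D" * 16),
]

if __name__ == "__main__":
    for ident, prev_end, start in find_overlaps(SAMPLE):
        print(f"IP ID {ident}: fragment at offset {start} overlaps one ending at {prev_end}")
```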
The vulnerability was a big danger for older operating systems (OS) like Windows 3.1x, Windows 95, Windows NT, Windows Vista, Windows 7, and, for the first version of the attack, Linux with kernels before 2.1.63. Later, Linux with kernels up to 4.9 was vulnerable to SegmentSmack (CVE-2018-5390), and version 4.9 to FragmentSmack (CVE-2018-5391).
Is the Teardrop attack obsolete?
The Teardrop attack looks like a thing of the past, but hackers find new ways to use old attacks all the time. The last time this attack was stopped was in 2018, with the Windows 7 security patch for the CVE-2018-5390 and CVE-2018-5391 bugs. The patch closed the vulnerability that pushed the targets’ CPU to its limits and could potentially crash the system.
How to prevent a Teardrop attack?
Don’t use an outdated OS.
It is extremely important not to use an older OS that no longer receives security patches. If you use one that doesn’t receive updates anymore, you could suffer a Teardrop attack (in the case of the previously mentioned OSes) or many other attacks.
Get a DDoS Protection service.
Such a service can inspect the incoming traffic, spot malicious data packets heading towards the target (your server or a particular computer), and stop them. That way, they never reach the target, and it never has to try to reassemble them.
Drop all fragmented packets.
After the 2018 Teardrop vulnerability that Microsoft patched, the company recommended disabling packet reassembly. This setting permanently drops all packets that arrive out of order. It will definitely stop this fragmentation attack, but it could also block legitimate traffic, and that could be a problem.
For now, preventing a Teardrop attack means using a modern OS. We are currently safe from Teardrop attacks, but cybercriminals never rest. They can find a new way to exploit the same vulnerability, or find another one and get a similar result. So it is better to understand the vulnerabilities of the past, learn from them, and prepare for the future, because many new attacks are coming our way.