Teardrop Attack

Why Trust Techopedia

What Does Teardrop Attack Mean?

A teardrop attack is a denial of service (DoS) attack conducted by targeting TCP/IP fragmentation reassembly codes. This attack causes fragmented packets to overlap one another on the host receipt; the host attempts to reconstruct them during the process but fails. Gigantic payloads are sent to the machine that is being targeted, causing system crashes.

Advertisements

Techopedia Explains Teardrop Attack

While much more popular on older versions of Windows, the teardrop attack is also possible on Windows 7 and Windows Vista machines that have SMB enabled. The driver vulnerability on the latter two operating systems was noted in 2009, but Windows 2000 and Windows XP are not vulnerable to this type of teardrop attack, which hones in on TCP ports 139 and 445 on the firewalls of the SMB-enabled machines. If users don’t have patches to protect against this DoS attack, SMBv2 should be disabled, as recommended by Microsoft, and ports 139 and 445 should be blocked.

Advertisements

Related Terms

Margaret Rouse
Technology expert
Margaret Rouse
Technology expert

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of ​​a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.