Denial of Service: Teardrop Attack
The Teardrop attack exploits
the vulnerability present in the reassembling of data packets. Whenever data is
being sent over the Internet, it is broken down into smaller fragments at the
source system and put together at the destination system. Say you need to send
4000 bytes of data from one system to the other, then not all of the 4000 bytes
is sent at one go. This entire chunk of data is first broken down into smaller
parts and divided into a number of packets, with each packet carrying a
specified range of data. For Example, say 4000 bytes is divided into 3 packets,
then:
The first Packet will carry
data from 1 byte to 1500 bytes
The second Packet will carry
data from 1501 bytes to 3000 bytes
The third packet will carry data
from 3001 bytes to 4000 bytes
These packets have an OFFSET
field in their TCP header part. This Offset field specifies from which byte to
which byte does that particular data packet carries data or the range of data
that it is carrying. This along with the sequence numbers helps the destination
system to reassemble the data packets in the correct order. Now in this attack,
a series of data packets are sent to the target system with overlapping Offset
field values. As a result, the target system is not able to reassemble the
packets and is forced to crash, hang or reboot.
Say for example, consider the
following scenario:
Normally a system receives data
packets in the following form, with no overlapping Offset values.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _
(1 to 1500 bytes) (1501 to 3000
bytes) (3001 to 4500 bytes)
Now in a Teardrop attack, the
data packets are sent to the target computer in the following format:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __ _ _ _ _ _ _ _ _
(1 to 1500 bytes) (1500 to 3000
bytes) (1001 to 3600 bytes)
When the target system receives
something like the above, it simply cannot handle it and will crash or hang or
reboot.
No comments:
Post a Comment