Mailing List Archive

Re: tlug: Now, ain't this really odd??!!



On Tue, 1 Sep 1998, Jonathan Byrne - 3Web wrote:

> What's a teardrop attack, and what steps need to be taken to prevent it?

The teardrop attack takes advantage of a bug in the IP defragment code in
kernels before 2.0.31 (I don't remember which 2.1-series kernels were
vulnerable).  Causes a kernel buffer overrun, which results in either a
reboot or a halt. 

The quick fix is to turn off "Always defragment IP packets" in the kernel
config.  The proper fix is to go to a newer kernel (however, I understand
that variations of this attack work on newer kernels as well).

As with all exploits, more information is available at
http://www.rootshell.com (I dislike giving free press to these guys, but
information should be free and all that).

-- Chris
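
An added example, not part of the original post and not kernel source: a simplified C model of the length arithmetic in one step of fragment reassembly, next to a hardened version. It assumes the commonly documented cause of the overrun (a fragment lying wholly inside the previous one produces a negative copy length); the function names and sample offsets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REASM_MAX 65535u /* largest possible IP datagram */

/* Unchecked length arithmetic: when the new fragment starts inside the
 * previous one, skip the overlapping bytes, then copy (end - offset).
 * If the new fragment also ENDS inside the previous one, the result is
 * negative; passed to memcpy() as size_t it becomes a huge count. */
long frag_len_unchecked(long prev_end, long offset, long len)
{
    long end = offset + len;
    if (offset < prev_end)
        offset = prev_end;          /* skip overlap */
    return end - offset;            /* may be < 0 */
}

/* Hardened step: validate before copying. Returns bytes copied, or -1. */
int frag_copy_checked(uint8_t *buf, size_t buf_len, size_t prev_end,
                      size_t offset, const uint8_t *data, size_t len)
{
    size_t end;

    if (len == 0 || offset > REASM_MAX || len > REASM_MAX - offset)
        return -1;                  /* exceeds maximum datagram size */
    end = offset + len;
    if (end > buf_len)
        return -1;                  /* does not fit reassembly buffer */
    if (offset < prev_end) {
        size_t overlap = prev_end - offset;
        if (overlap >= len)
            return -1;              /* wholly inside previous fragment */
        data += overlap;
        offset += overlap;
    }
    memcpy(buf + offset, data, end - offset);
    return (int)(end - offset);
}

int main(void)
{
    uint8_t buf[64] = {0}, d[8] = {0};
    /* Constructed sample: previous fragment ends at 36, new one covers 24..28 */
    return !(frag_len_unchecked(36, 24, 4) == -8 &&
             frag_copy_checked(buf, sizeof buf, 36, 24, d, 4) == -1);
}
```
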

