On Friday 19 October 2001 16:09, jst wrote:
Hello
I'm using Suse Linux 7.2 as Gateway for connecting Internet. Now I've been testing my Gateway with Nessus. And I got this Message back.
-- Vulnerability found on port general/tcp
It was possible to make the remote server crash using the 'teardrop' attack.
Check out http://www.sans.org/infosecFAQ/threats/frag_attacks.htm for details. The below info is cut & pasted from http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-5.html:

5.3 Filtering out Ping of Death

Linux boxes are now immune to the famous Ping of Death, which involves sending an illegally-large ICMP packet which overflows buffers in the TCP stack on the receiver and causes havoc.

If you are protecting boxes which might be vulnerable, you could simply block ICMP fragments. Normal ICMP packets aren't large enough to require fragmentation, so you won't break anything except big pings. I have heard (unconfirmed) reports that some systems required only the last fragment of an oversize ICMP packet to corrupt them, so blocking only the first fragment is not recommended.

While the exploit programs I have seen all use ICMP, there is no reason that TCP or UDP fragments (or an unknown protocol) could not be used for this attack, so blocking ICMP fragments is only a temporary solution.

5.4 Filtering out Teardrop and Bonk

Teardrop and Bonk are two attacks (mainly against Microsoft Windows NT machines) which rely on overlapping fragments. Having your Linux router do defragmentation, or disallowing all fragments to your vulnerable machines are the other options.

5.5 Filtering out Fragment Bombs

Some less-reliable TCP stacks are said to have problems dealing with large numbers of fragments of packets when they don't receive all the fragments. Linux does not have this problem. You can filter out fragments (which might break legitimate uses) or compile your kernel with `IP: always defragment' set to `Y' (only if your Linux box is the only possible route for these packets).
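An added example, not part of the original message or the HOWTO: a small Python audit that groups captured IPv4 fragments per datagram and flags the two patterns described above, overlapping fragments (Teardrop/Bonk) and a reassembled size beyond 65535 bytes (Ping of Death). The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

MAX_IP_LEN = 65535  # largest datagram the 16-bit total-length field can describe

def parse_fragment(pkt):
    """Return (key, offset, payload_len, more_fragments) for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("bad header or total length")
    offset = (flags_off & 0x1FFF) * 8      # offset field counts 8-byte units
    more = bool(flags_off & 0x2000)        # MF (more fragments) flag
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, protocol, IP ID
    return key, offset, total_len - ihl, more

def audit(packets):
    """Map each fragmented datagram key to a set of findings."""
    frags = defaultdict(list)
    for pkt in packets:
        key, off, length, more = parse_fragment(pkt)
        if off or more:                    # unfragmented packets are skipped
            frags[key].append((off, length))
    findings = {}
    for key, parts in frags.items():
        issues, end = set(), 0
        for off, length in sorted(parts):
            if off < end:
                issues.add("overlap")      # fragment starts inside earlier data
            end = max(end, off + length)
        if end + 20 > MAX_IP_LEN:          # assumes a minimal 20-byte header
            issues.add("oversize")         # cannot fit a legal IP datagram
        findings[key] = issues
    return findings

def make_frag(ident, offset, payload_len, more, proto=1):
    """Constructed sample packet; offset must be a multiple of 8."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + bytes(payload_len)

SAMPLES = [  # constructed traffic, not a real capture
    make_frag(1, 0, 1480, True), make_frag(1, 1480, 520, False),  # normal split
    make_frag(2, 0, 36, True), make_frag(2, 24, 4, False),        # overlapping
    make_frag(3, 65528, 100, False),                              # ends past 65535
    make_frag(4, 0, 64, False),                                   # not fragmented
]
```

An exact retransmission of a fragment is also reported as an overlap, so treat that finding as a reason to inspect the flow rather than as proof of an attack.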