Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
RE: [suse-security] Nessus reports teardrop security hole, What to do
  • From: "Mr. M" <mistrM@xxxxxxxxxxxx>
  • Date: Sun, 10 Dec 2000 13:05:07 -0800
  • Message-id: <000001c062ec$dfdbc5e0$0100a8c0@xxxxxxxxxxxx>
> I have tested my internal firewall (Suse7.0 2.2.16) with Nessus 1.03.
> It reported a security hole that would make it possible to crash
> the machine
> using the teardrop attack.
> Does anyone know what this teardrop is all about, and how to
> close this hole.

Wow. This is a Blast from the Past.

teardrop, newtear, Nestea (ipfragment.c), sping, bonk, etc. are all a type
of Denial of Service attack more commonly know as "Nukes". They exploit
flaws in the vendor's TCP/IP stack usually causing either a kernel panic or
an intense overload of system resources that either locks the machine up or
makes a reboot necessary.

These were immensely popular on IRC networks a few years back.

They were also fixed almost immediately in the Linux kernel. Unless you are
running a kernel that is ancient (which apparently you are not) there should
be nothing to worry about.

You might want to report this to the Nessus team. I could be wrong, but it
seems to me their program is sending you a false positive.


< Previous Next >
This Thread