Teardrop attack – What is it and how to prevent it?

Online “attacks” are a really upsetting topic. But like with many uncomfortable things in life, ignoring them doesn’t prevent or fix them. So let’s face the fact that they exist, and they can hit us and learn more about how we can protect our online business.

What is a teardrop attack?

A teardrop attack is a DoS (denial of service) type of attack. A teardrop attack makes a network, server, or computer inaccessible by sending them altered, oversize data packets. 

It’s very common for the attackers to use a bug to affect the reassembly function of TCP/IP or its fragmentation codes to enable the teardrop attack.

The victim will struggle due to the difficulty of reassembling those altered data packets in the proper order. It will fail the reconstruction, try again and again, until an overlap of packets occurs and the victim finally crashes.

To ensure its success, the teardrop attack also involves sending big amounts of traffic to stress even more its victim. The constant repetition of the failing reassembly and traffic demanding for being attended will derive from the exhaustion of the victim’s resources to operate and its lack of availability.

How does Teardrop attack function?

Attackers seem to choose a teardrop attack to hit aged operating systems. Let’s say Linux versions former to 2.0.32 and 2.1.63. Windows NT, Windows 3.1x, Windows 95, Windows 7, Windows Vista. 

Based on this, and considering that new operating systems are not teardrop attack’s target, this threat could sound outdated. And perhaps it is for most regular users, but it’s not for big government and healthcare organizations in many countries.

If you think about the last time you visit such an office, what type of equipment did you see around? Modern computers? It depends on the country, but many still use old computers for daily tasks.

How to prevent a teardrop attack?

  • Use a firewall. There are different types of firewalls. For sure, one will suit your network’s needs. What is important is to enable an efficient filter that can detect and stop infected data trying to access your network.
  • Define MSS to strengthen security. What maximum segment (MSS) size does is to determine a size limit (bytes) for data packets. 
  • Get a secure proxy. It examines every incoming data packet to detect possible bugs. Only packets without bugs will be welcome on the system.
  • Disable the SMB. This is a useful tip for users of old operating systems like Windows 7 or Windows Vista. The server message block (SMB) is the way to access shared files, printers, or serial ports. Experience points that TCP ports number 139 and 445 on the firewalls of the SMB are the weakness that teardrop attackers use to hit such systems. What you can do is disable the SMB, together with its ports (139, 445).
  • Don’t use an outdated OS. Keep your OS updated and evade using computers with very old OSes installed. 
  • Avoid the segmentation of packets. Through the use of path maximum transmission unit discovery (PMTUD), it is possible to determine the maximum transmission unit dimension between two IP hosts on the path of a network.

Recommended article: ​DDoS-protected DNS service: Why do you need it?


Strength the security of your systems today! It will cost you less than what you could lose in case you experience an attack.

Leave a Reply

Your email address will not be published. Required fields are marked *