What is a Teardrop attack?

Computing technology is an exciting world that drives creativity in many directions. Unfortunately, malicious actors are part of that environment too, and they constantly refine their methods in pursuit of fun, notoriety, or profit. As a result, the variety of attacks is already huge, and the Teardrop attack is one item on that wide menu.

What is a DoS attack?

Denial of Service (DoS) is an attack that aims to shut down a machine or a network by making it inaccessible to its users. There are several techniques for reaching that objective. One is to flood the target with large volumes of traffic until it becomes sluggish and finally stops responding. Another is to overload it with requests and data, or to send malformed input that exploits a vulnerability and destabilizes the machine or network until it crashes.

DoS attacks have different motivations. They are used to sabotage businesses, to extort money from a company, to protest against a political or social measure, to show power, or to distract the target while something worse, such as the theft of sensitive data, takes place.

What is a Teardrop attack?

The Teardrop attack belongs to the category of DoS attacks. It works by sending altered, fragmented packets to a target (a computer, server, or network). The receiving machine cannot put the fragments back together in the correct sequence because the fragments overlap. The attack exploits a bug in the target's TCP/IP stack, specifically in its fragment reassembly code. After repeatedly failing to reconstruct the original packet from overlapping fragments, the vulnerable stack crashes, taking the target down with it.
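The overlap described above can be spotted on the wire before a fragile stack ever tries to reassemble it. The following detector is an added example written for this article, not code from the original post or from any product: it parses minimal IPv4 headers from constructed sample packets, groups fragments by (source, destination, identification, protocol), and flags any datagram whose fragment byte ranges overlap or whose last fragment would run past the 65535-byte limit of an IP datagram. The packet bytes, addresses and identification numbers are all made up for the demonstration.

```python
import struct
from collections import defaultdict

IPV4_MAX_DATAGRAM = 65535  # total length field is 16 bits


def build_ipv4_fragment(ident, offset_units, more_fragments, payload,
                        src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Construct a minimal IPv4 packet (20-byte header, no options) for the demo.

    offset_units is the fragment offset in 8-byte units, exactly as carried in
    the header. Checksum is left at zero because this sample never hits a NIC.
    """
    total_length = 20 + len(payload)
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_length, ident, flags_frag,
                         64, 17, 0, src, dst)
    return header + payload


def parse_ipv4(packet):
    """Extract the fields a reassembly check needs from a raw IPv4 packet."""
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    total_length, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    src, dst = packet[12:16], packet[16:20]
    offset = (flags_frag & 0x1FFF) * 8        # fragment offset in bytes
    payload_len = total_length - ihl
    return {
        "key": (src, dst, ident, proto),
        "offset": offset,
        "end": offset + payload_len,          # first byte after this fragment
        "mf": bool(flags_frag & 0x2000),      # More Fragments flag
    }


def scan_fragments(packets):
    """Return (reason, datagram_key) alerts for datagrams that a Teardrop-style
    sender has built: overlapping fragments or an overrun of the 65535 limit."""
    groups = defaultdict(list)
    for pkt in packets:
        info = parse_ipv4(pkt)
        if info["mf"] or info["offset"] > 0:   # ignore unfragmented packets
            groups[info["key"]].append(info)

    alerts = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        highest_end = 0
        for frag in frags:
            if frag["end"] > IPV4_MAX_DATAGRAM:
                alerts.append(("oversize", key))
                break
            if frag["offset"] < highest_end:   # this fragment re-covers bytes
                alerts.append(("overlap", key))
                break
            highest_end = max(highest_end, frag["end"])
    return alerts


def constructed_samples():
    """Three constructed datagrams: a benign split, an overlapping Teardrop
    pair, and a pair whose offset pushes past the maximum datagram size."""
    benign = [
        build_ipv4_fragment(1, 0, True, b"A" * 24),     # bytes 0-23
        build_ipv4_fragment(1, 3, False, b"B" * 16),    # bytes 24-39
    ]
    teardrop = [
        build_ipv4_fragment(2, 0, True, b"A" * 32),     # bytes 0-31
        build_ipv4_fragment(2, 3, False, b"B" * 8),     # bytes 24-31: overlaps
    ]
    oversize = [
        build_ipv4_fragment(3, 0, True, b"A" * 8),      # bytes 0-7
        build_ipv4_fragment(3, 8189, False, b"B" * 40), # ends at 65552 > 65535
    ]
    return benign, teardrop, oversize


if __name__ == "__main__":
    benign, teardrop, oversize = constructed_samples()
    for reason, (src, dst, ident, proto) in scan_fragments(benign + teardrop + oversize):
        print(f"{reason}: id={ident} proto={proto} "
              f"{'.'.join(map(str, src))} -> {'.'.join(map(str, dst))}")
```

A filtering proxy or inline sensor that applies this check can discard the whole fragment group rather than passing it to a host whose stack may still mishandle it; a production version would also expire groups whose final fragment never arrives, so that the detector itself cannot be filled up with half-finished datagrams.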

On top of that, the attacker sends the malformed fragments in large volumes, so the target's condition gets worse by the minute.

The systems most vulnerable to Teardrop attacks are old operating systems: think, for instance, of Windows 95, Windows 3.1x, Windows NT, Windows 7, Windows Vista, or Linux versions prior to 2.1.63 and 2.0.32.

Users of modern operating systems may assume this attack is no longer a risk, but it still is, and on a large scale. A vast number of organizations around the world still run those older operating systems, so Teardrop attacks remain possible. Think of areas like healthcare systems and many government offices; your own experience in such offices while paying taxes or renewing a document can confirm it.

How to prevent a Teardrop attack?

Here are some options for preventing such attacks:

  • Enable a capable firewall to protect your network. If it effectively filters junk and malformed traffic, the network should stay safe.
  • Use a secure proxy. You can add one to get an extra layer of security. Such a proxy inspects every incoming packet; if it detects a packet containing errors, that packet never reaches your system.
  • Set the maximum segment size (MSS). MSS defines the maximum amount of data, measured in bytes, that each packet can carry.
  • Prevent packet fragmentation. You can do this through path MTU discovery (PMTUD), a technique that determines the maximum transmission unit (MTU) along the network path between two IP hosts.
  • Deactivate SMB. If anyone out there still runs Windows 7 or Windows Vista, this information can help you. The attack can succeed when machines have Server Message Block (SMB) enabled. SMB is used to access serial ports, printers, and shared files. TCP ports 139 and 445, which SMB uses, are the openings through which the Teardrop attack reaches the host. The recommendation is to disable SMB and block ports 139 and 445 at the firewall. In addition, apply the vendor patches against this type of attack.

Conclusion

Teardrop attacks, among others, are a real possibility. Accepting that as a fact is the first step toward taking proper action to protect your business' network and devices. Prevention is the key when it comes to security: it is better and cheaper to invest in security than to clean up the mess an attack can produce.
