Topic starter 16/08/2025 6:26 pm
A Teardrop attack is a type of Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack that exploits vulnerabilities in how older operating systems handle fragmented IP packets. Here’s a breakdown of how it works and why it matters:
🧠 How It Works
- Fragmentation Basics: When large data packets are sent over a network, they’re broken into smaller fragments. Each fragment includes a header that tells the receiving system how to reassemble the full message.
- The Exploit: In a Teardrop attack, the attacker sends malformed fragments whose byte ranges overlap. Older systems, especially those with buggy TCP/IP implementations, mishandle the overlapping ranges during reassembly.
- Crash Trigger: When reassembling overlapping fragments, these systems may hang, miscalculate the amount of data to copy, or crash outright. The result is a denial of service that makes the system or network unavailable.
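To make the reassembly problem concrete, here is an added example (not code from the original post) that models fragments with a simplified byte-offset layout (real IP fragment offsets are in 8-byte units, an assumption made for readability). It shows the flawed overlap arithmetic that produces a negative copy length, an overlap detector a monitoring tool could use, and a strict reassembler that rejects malformed fragment sets instead of crashing.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Fragment:
    offset: int    # byte offset of this fragment's payload in the datagram (simplified)
    data: bytes    # payload carried by this fragment
    more: bool     # the IP "More Fragments" (MF) flag

    @property
    def end(self) -> int:
        return self.offset + len(self.data)


def naive_copy_length(prev: Fragment, cur: Fragment) -> int:
    """Flawed arithmetic of the kind older reassemblers used: slide the start of an
    overlapping fragment past the end of the previous one, then compute the bytes to
    copy as end - start with no sign check. Negative when cur ends inside prev."""
    start = max(cur.offset, prev.end)
    return cur.end - start


def overlapping_pairs(frags: List[Fragment]) -> List[Tuple[int, int]]:
    """Index pairs (i, j), i < j, whose byte ranges intersect. Legitimate senders
    never produce overlaps, so a non-empty result is worth an alert."""
    pairs = []
    for i in range(len(frags)):
        for j in range(i + 1, len(frags)):
            a, b = frags[i], frags[j]
            if a.offset < b.end and b.offset < a.end:
                pairs.append((i, j))
    return pairs


def reassemble_strict(frags: List[Fragment]) -> Optional[bytes]:
    """Hardened reassembly: reject overlaps, gaps and duplicate offsets, and require
    exactly one final fragment (MF clear) that is also the last by offset."""
    if not frags or overlapping_pairs(frags):
        return None
    ordered = sorted(frags, key=lambda f: f.offset)
    buf, expected = bytearray(), 0
    for f in ordered:
        if f.offset != expected:     # gap or duplicate offset: malformed set
            return None
        buf += f.data
        expected = f.end
    finals = [f for f in frags if not f.more]
    if len(finals) != 1 or finals[0] is not ordered[-1]:
        return None
    return bytes(buf)


# Constructed samples: a well-formed pair, and a Teardrop-style overlapping pair
GOOD = [Fragment(0, b"A" * 8, True), Fragment(8, b"B" * 8, False)]
BAD = [Fragment(0, b"A" * 8, True), Fragment(4, b"B" * 3, False)]  # bytes 4..7 sit inside 0..8
```

Running `naive_copy_length` on the BAD pair yields -1, the negative length that a C reassembler would pass to memcpy as a huge unsigned size; `reassemble_strict` simply returns None for the same input.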
🧨 Why It’s Dangerous
- Targets Legacy Systems: Older versions of Windows (like Windows 95, NT, Vista) and Linux (pre-2.0.32) are especially vulnerable.
- System Crashes: The attack doesn’t just slow things down—it can cause full system crashes, disrupting business operations or access to critical services.
- Hard to Detect: Because it looks like ordinary packet fragmentation, it can be tricky to spot without proper monitoring tools. Overlapping fragments are the telltale sign, since legitimate senders do not produce them, so an IDS that reassembles fragments can flag the attack.
🛡️ How to Protect Against It
- Update Your OS: Modern operating systems have patched the vulnerability. Keeping software up to date is the most effective defense.
- Use Firewalls and IDS: Firewalls and Intrusion Detection Systems can filter out malformed packets before they reach vulnerable systems.
- Disable Fragmentation: In some cases, disabling IP fragmentation or limiting packet size can help mitigate the risk. Be aware that dropping all fragments can also break legitimate traffic that depends on fragmentation, so test such a rule before enforcing it.
💡 Fun Fact
The name “Teardrop” comes from the way the fragmented packets “fall apart” during reassembly—like a teardrop breaking on impact.