Teardrop.Bonk.DoS

Description

This indicates a potential Denial-of-Service (DoS) attack, known as Bonk, that abuses IP fragmentation and reassembly.

Bonk is a variant of the Teardrop DoS attack. According to the IPv4 standard in RFC 791, when a packet's size exceeds the maximum transmission unit (MTU) of a particular network segment, it is fragmented into two or more smaller packets, which are reassembled by the receiver. Each fragment sets an appropriate offset value in its IP header to allow for proper reassembly. Teardrop is an attack tool that generates and sends malformed IP fragment packets to crash a vulnerable machine.
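A defender-side check of the offset bookkeeping described above, as an added example that is not part of the original entry or of the vendor's signature: it parses IPv4 headers, groups fragments by reassembly key, and flags byte ranges that cannot be reassembled cleanly. The entry says only "malformed"; treating overlapping ranges as the main indicator is an assumption based on how Teardrop-family fragments are generally described, and the helper names and sample headers (TEST-NET addresses) are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_ipv4(hdr):
    """Return (reassembly key, payload start, payload end, MF flag) for one header."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", hdr[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    start = (flags_off & 0x1FFF) * 8            # offset field counts 8-byte units
    end = start + total_len - (ver_ihl & 0x0F) * 4
    return (src, dst, proto, ident), start, end, bool(flags_off & 0x2000)

def find_fragment_anomalies(headers):
    """List (ip_id, reason, start, end) for fragments that cannot reassemble cleanly."""
    groups = defaultdict(list)
    for h in headers:
        key, start, end, more = parse_ipv4(h)
        if start or more:                       # unfragmented packets are skipped
            groups[key].append((start, end, more))
    findings = []
    for key, frags in groups.items():
        prev_end = 0
        for start, end, more in sorted(frags):
            if end <= start:                    # fragment carries no payload
                findings.append((key[3], "empty", start, end))
            elif start < prev_end:              # also fires on exact duplicates
                findings.append((key[3], "overlap", start, end))
            elif more and (end - start) % 8:    # non-final fragment must be 8-byte aligned
                findings.append((key[3], "unaligned", start, end))
            prev_end = max(prev_end, end)
    return findings

def _hdr(ident, offset_units, payload_len, more):
    """Build a constructed 20-byte IPv4 header (checksum left 0, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       (0x2000 if more else 0) | offset_units, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed sample: ID 1 is a consistent pair, ID 2 has a fragment inside the first.
SAMPLE = [
    _hdr(1, 0, 1480, True), _hdr(1, 185, 520, False),
    _hdr(2, 0, 40, True), _hdr(2, 3, 4, False),
]

if __name__ == "__main__":
    for finding in find_fragment_anomalies(SAMPLE):
        print(finding)
```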

Affected Products

Any unprotected system running Windows NT SP3 or an earlier version, or Linux kernel 2.0.29-1 or an earlier version, is vulnerable.

Impact

Attackers can cause a DoS condition on the victim system.

Recommended Actions

Apply appropriate patches and/or upgrade the system to the latest non-vulnerable version.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2019-06-19  14.635   Default_action:pass:drop
2019-02-11  14.548   Sig Added
2019-02-05  14.542   Status:enable:disable
2019-02-01  14.540   Status:disable:enable
