Teardrop.Bonk.DoS
Description
This indicates a potential Denial-of-Service (DoS) attack, known as Bonk, that abuses IP fragmentation and reassembly features.
Bonk is a variant of the Teardrop DoS attack. According to the IPv4 standard in RFC 791, when a packet's size exceeds the maximum transmission unit (MTU) of a particular network segment, it is fragmented into two or more smaller packets, which are reassembled by the receiver. Each fragment carries an offset value in its IP header so that the receiver can put the pieces back in the right order. Teardrop is an attack tool that generates and sends malformed IP fragment packets to crash a vulnerable machine.
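The following sketch is an added example, not part of the original advisory or of any vendor signature. It shows how a receiver or sensor can validate the fragment offsets described above before reassembly. It assumes that "malformed" means fragments that overlap an earlier fragment or run past the 65535-byte datagram limit; the page does not specify the malformation. The function names and sample packets are hypothetical.

```python
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535  # largest datagram the 16-bit Total Length field allows
HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header (RFC 791)

def parse_fragment(pkt):
    """Return (flow key, start byte, end byte, more-fragments flag)."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(HDR, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total < ihl:
        raise ValueError("not a valid IPv4 header")
    start = (frag & 0x1FFF) * 8  # Fragment Offset counts 8-byte units
    return (src, dst, proto, ident), start, start + total - ihl, bool(frag & 0x2000)

def check_fragments(packets):
    """Return (IP id, reason) for each fragment that cannot reassemble cleanly."""
    seen, findings = defaultdict(list), []
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start == 0 and not more:
            continue  # whole datagram, nothing to reassemble
        if end > MAX_DATAGRAM:
            findings.append((key[3], "reassembled size exceeds 65535 bytes"))
        elif any(start < e and s < end for s, e in seen[key]):
            # A retransmitted duplicate also lands here; alert on it, never crash.
            findings.append((key[3], "overlaps an earlier fragment"))
        seen[key].append((start, end))
    return findings

def make_fragment(ident, offset, length, more):
    """Constructed test packet: header plus zero payload, documentation addresses."""
    frag = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack(HDR, 0x45, 0, 20 + length, ident, frag, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + bytes(length)

# Constructed samples: a 2000-byte datagram split cleanly, then a pair whose
# second fragment starts inside the first.
CLEAN = [make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 520, False)]
MALFORMED = [make_fragment(2, 0, 40, True), make_fragment(2, 24, 8, False)]

if __name__ == "__main__":
    print(check_fragments(CLEAN))
    print(check_fragments(MALFORMED))
```

A patched reassembly routine performs the same bounds checks and drops the offending fragments instead of copying them into the reassembly buffer.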
Affected Products
Unprotected systems running Windows NT SP3 or earlier, or Linux kernel 2.0.29-1 or earlier, are vulnerable.
Impact
Attackers can cause a denial of service on the victim system.
Recommended Actions
Apply appropriate patches and/or upgrade the system to the latest non-vulnerable version.
Coverage
IPS (Regular DB)
IPS (Extended DB)