New Teardrop Attack

Bryan Mattern wrote in with a forward from the Windows NT bug track list that discusses a new version of the teardrop attack. This version apparently affects Linux as well as NT and 95. Keep reading to read the original message.

Here is the message that started the hoopla: Date: Tue, 3 Mar 1998 16:16:34 -0500
Reply-To: Russ Russ.Cooper@RC.ON.CA
Sender: Windows NT BugTraq Mailing List
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
From: Russ Russ.Cooper@RC.ON.CA
Subject: Alert: New Teardrop Attack
Content-Type: text/plain

Folks,

I have several well placed sources reporting a new teardrop-style attack that operates seemingly on a broadcast basis. Its very wide scale and began, seemingly, today. A report to NTSecurity@iss.net indicated that NT BSODs, Win95 GPFs, and Linux crashes. This is as yet unconfirmed (read: reproducible) because so far nobody has found a source for the attack (that is, the source program). Investigations continue large scale.

This message is to serve as both a warning, and a request. If you have any sniffer traces of attacks causing the above mentioned effects and can share them with me, please contact me directly at Russ.Cooper@rc.on.ca. I will share them with several well placed security resources (read: not just Microsoft) and see if we can figure out what's happening.

Be aware that this is very wide-spread primarily targeting .gov and .edu networks, but certainly not restricted to such.