Modified teardrop attack can remotely crash machines

Risk Level: Medium

Check or Attack Name: Modified Teardrop Attack

Platforms: Windows NT: 3.5.1, Windows 95, Windows NT: 4.0

Description:

A denial-of-service attack exists against the networking stack of some versions of Microsoft's operating systems. The issue is caused by the way the Microsoft TCP/IP stack handles certain exceptions raised by malformed UDP header information. The condition does not arise with properly formed TCP/IP packets; the packets must be generated by a program with malicious intent.

Remedy:

Obtain one of the following patches:

Windows NT Service Pack 3 users must apply the teardrop2-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/.

Windows NT 3.51 SP5 users must apply the post-SP5 teardrop2-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/teardrop2-fix/.

References:

Microsoft Security Bulletin, Update on Network Denial of Service Attacks (Teardrop/NewTear/Bonk/Boink), http://www.microsoft.com/security/bulletins/netdos.asp

SCO Security Bulletin 98:01, IP-based Denial of Service Attacks, ftp://ftp.sco.com/SSE/security_bulletins/SB.98:01a

CIAC Information Bulletin I-031A, I-031a: Malformed UDP Packets in Denial of Service Attacks, http://ciac.llnl.gov/ciac/bulletins/i-031a.shtml

CERT Summary CS-98.02, Denial of service attacks targeting Windows 95/NT machines, ftp://ftp.cert.org/pub/cert_summaries/CS-98.02

