A teardrop attack is a kind of denial-of-service (DoS) attack, that is, one meant to take a target website or network offline. In it, an attacker sends fragmented data packets to the target device. The nature of the packets makes it hard for the system to reassemble and read the data, and the effort to do so ultimately overwhelms the machine, causing it to crash.
A teardrop attack typically works on computers with older operating systems (OSs) such as Windows 95, Windows 3.1x, Windows NT, and earlier Linux versions. Some attacks also worked, though, on systems running Windows 7 and Windows Vista.
A teardrop attack can be likened to an unruly group of shoppers all trying to enter an establishment with a massive sale at the same time. Once the shop doors open, they run en masse, causing a stampede and accidents. The establishment may need to close until the situation is dealt with because the shop owner needs to attend to the injured.
While teardrop attacks may only work on older OSs, protecting against them is still important because many organizations still use legacy OSs.
Who are the Likely Victims of a Teardrop Attack?
It is pretty common to see established but more traditional organizations fall prey to a teardrop attack. For one, they are more likely to be tech-averse. They often fear that new technologies may jeopardize their operations, and so they adhere to the belief, “Don’t fix what isn’t broken.” Here are some of the industries that still use obsolete systems that hackers may target in a teardrop attack:
1. Healthcare
As much as 56% of healthcare providers still use old OSs, most commonly Windows 7. That makes them especially vulnerable, since Microsoft has stopped supporting that OS.
2. Banking, Financial Services, and Insurance (BFSI)
Financial services have radically changed in the last three decades, as many institutions started using mobile apps. Yet, when it comes to their backend systems, they often remain relatively slow in embracing new technologies. They prefer to use legacy systems because these are “tried and tested.” Little do they know that doing so only makes them more prone to a teardrop attack.
3. Government
Interestingly, government institutions are among the legacy system users. The Office of Personnel Management (OPM), which was hacked in 2014, couldn’t encrypt citizen data because its system was too old. If it continues to use the same system, it’s also vulnerable to a teardrop attack.
How can Users Protect against a Teardrop Attack?
Preventing a teardrop attack can be achieved in several ways, including:
- Disabling the Server Message Block (SMB): Legacy OS users that no longer receive patches from vendors such as Microsoft should disable ports 139 and 445. SMB allows users to access shared files, printers, and serial ports.
- Protecting network layers: Since teardrop attacks zero in on the network layer, users can use a firewall to filter junk data.
- Using caching servers: Teardrop attacks can be mitigated by using caching servers. A caching server can keep a website online during a DoS attack by serving saved local copies of its content.
- Employing proxies: Proxy servers allow users to inspect all incoming packets for data fragmentation violations before letting them into the network. That helps keep unwanted data from getting in.
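As an added example (not code from the original article or any particular product), here is a small Python checker of the kind a proxy or packet filter could run before handing fragments to the host's reassembly code. It parses the fragmentation fields of IPv4 headers, groups fragments by their Identification value, and classifies each set as cleanly reassemblable, still incomplete, or malformed. Overlapping fragment offsets, the condition the classic teardrop attack relies on, are the main malformed case; oversized and mis-sized fragments are flagged as well. The packet bytes, identifiers, and addresses are constructed test data, and the function names are the example's own.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

MAX_DATAGRAM = 65535  # largest IPv4 datagram; no fragment may extend past this


@dataclass(frozen=True)
class Fragment:
    """Reassembly-relevant fields pulled from one IPv4 header."""
    ident: int           # Identification: shared by all fragments of one datagram
    offset: int          # fragment offset in bytes (the header stores 8-byte units)
    length: int          # payload length in bytes (total length minus header length)
    more_fragments: bool # MF flag: True on every fragment except the last


def parse_ipv4_fragment(packet: bytes) -> Fragment:
    """Extract fragmentation fields from a raw IPv4 packet (header + payload)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_off = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl:
        raise ValueError("bad header length")
    more_fragments = bool(flags_off & 0x2000)   # MF is bit 13 of the flags/offset word
    offset = (flags_off & 0x1FFF) * 8            # low 13 bits, in units of 8 bytes
    return Fragment(ident, offset, total_len - ihl, more_fragments)


def check_fragments(frags: List[Fragment]) -> Tuple[str, str]:
    """Classify the fragments of one datagram.

    Returns (verdict, detail) where verdict is:
      "ok"         - fragments tile the datagram exactly; safe to reassemble
      "incomplete" - no violation seen yet, but pieces are still missing
      "malformed"  - overlap or size violation; drop rather than reassemble
    """
    if not frags:
        return "incomplete", "no fragments"
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        return "malformed", "mixed identification values"
    ordered = sorted(frags, key=lambda f: f.offset)
    expected_end = 0   # first byte not yet covered by earlier fragments
    complete = True
    for f in ordered:
        end = f.offset + f.length
        if f.length == 0:
            return "malformed", f"zero-length fragment at offset {f.offset}"
        if end > MAX_DATAGRAM:
            return "malformed", f"fragment at offset {f.offset} extends past {MAX_DATAGRAM}"
        if f.more_fragments and f.length % 8 != 0:
            return "malformed", f"non-final fragment at offset {f.offset} is not a multiple of 8"
        if f.offset < expected_end:
            # Teardrop-style condition: this fragment starts inside data already covered.
            # A duplicate (same offset) is flagged too; a conservative filter drops it.
            return "malformed", f"overlap: offset {f.offset} < previous end {expected_end}"
        if f.offset > expected_end:
            complete = False   # a hole; more fragments must still arrive
        expected_end = max(expected_end, end)
    if ordered[-1].more_fragments:
        complete = False       # the final fragment (MF clear) has not arrived
    if not complete:
        return "incomplete", "pieces still missing"
    return "ok", f"{expected_end} bytes reassembled"


def triage(packets: List[bytes]) -> Dict[int, Tuple[str, str]]:
    """Group raw packets by Identification and check each group."""
    by_id: Dict[int, List[Fragment]] = {}
    for pkt in packets:
        frag = parse_ipv4_fragment(pkt)
        by_id.setdefault(frag.ident, []).append(frag)
    return {ident: check_fragments(frags) for ident, frags in by_id.items()}


def _make_packet(ident: int, offset: int, payload_len: int, more_fragments: bool) -> bytes:
    """Constructed test data: a minimal IPv4 header (checksum left 0) plus a dummy payload."""
    flags_off = (0x2000 if more_fragments else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_off,
                         64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + b"\x00" * payload_len


# Constructed samples: one clean datagram, one with overlapping offsets, one still missing a piece.
SAMPLE_PACKETS = [
    _make_packet(0x1001, 0, 24, True), _make_packet(0x1001, 24, 10, False),   # tiles 0..34
    _make_packet(0x2002, 0, 24, True), _make_packet(0x2002, 16, 20, False),   # second starts at 16 < 24
    _make_packet(0x3003, 0, 16, True), _make_packet(0x3003, 32, 8, False),    # hole between 16 and 32
]

if __name__ == "__main__":
    for ident, (verdict, detail) in triage(SAMPLE_PACKETS).items():
        print(f"id=0x{ident:04x}: {verdict} ({detail})")
```

The checker deliberately separates "incomplete" from "malformed": fragments arrive out of order on real networks, so a hole is not evidence of an attack, but an overlap can never occur in a correctly fragmented datagram and is safe to drop on sight.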
While teardrop attacks are known to target legacy OSs, that doesn’t mean you should be complacent. It’s always best to adhere to security best practices.