Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring IP Teardrop Attack Screen

 

This topic describes how to configure detection of an IP teardrop attack.

Teardrop attacks exploit the reassembly of fragmented IP packets. In the IP header, one of the field is the fragment offset fields, which indicates the starting position, or offset of the data contained in a fragmented packet, relative to the data of the original unfragmented packet. When the sum of the offset and size of one fragmented packet differs from that of the next fragmented packet, the packets overlap and the server attempting to reassemble the packet might crash.

To enable detection of a teardrop attack:

  1. Configure interfaces and assign IP addresses to the interfaces.
  2. Configure security zones trustZone and untrustZone and assign interfaces to them.
  3. Configure security policies from untrustZone to trustZone.
  4. Configure the security screen option and attach it to the untrustZone.
  5. Configure syslog.
  6. Commit the configuration.