nerdexam
EC-Council

312-50V10 · Question #371

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

The correct answer is A. Teardrop. The Teardrop attack exploits the TCP/IP fragment reassembly process by sending malformed, overlapping IP fragments that crash or freeze the target system during reassembly.

Denial of Service

Question

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Options

  • ATeardrop
  • BSYN flood
  • CSmurf attack
  • DPing of death

How the community answered

(42 responses)
  • A
    86% (36)
  • B
    2% (1)
  • C
    2% (1)
  • D
    10% (4)

Why each option

The Teardrop attack exploits the TCP/IP fragment reassembly process by sending malformed, overlapping IP fragments that crash or freeze the target system during reassembly.

ATeardropCorrect

Teardrop is a classic IP fragmentation attack that sends IP fragments with overlapping offset values. When the target system attempts to reassemble these malformed fragments, the overlap causes the reassembly algorithm to fail, often resulting in a system crash or freeze. This directly targets the weakness in the TCP/IP stack's fragment reassembly functionality.

BSYN flood

A SYN flood exploits the TCP three-way handshake by sending large volumes of SYN packets without completing the connection, exhausting server resources - not related to fragment reassembly.

CSmurf attack

A Smurf attack amplifies ICMP echo requests by broadcasting them with a spoofed source IP to flood the victim, which is unrelated to IP fragmentation.

DPing of death

The Ping of Death sends an oversized ICMP packet that exceeds the maximum legal size, crashing the target on receipt - it targets packet size limits, not fragment reassembly logic.

Concept tested: IP fragmentation Teardrop attack mechanism

Source: https://learn.microsoft.com/en-us/security/engineering/network-attacks

Topics

#teardrop attack#fragment reassembly#TCP/IP stack#denial of service

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice