What Is a Teardrop Attack? Definition, Damage & Defence

A teardrop attack relies on a bug within the code older computer systems use to handle large amounts of data. Rather than putting together all the bits in the right order and serving them up as expected, the systems wait for pieces that never arrive. Eventually, the whole system crashes.

Teardrops are distributed-denial-of-service (DDoS) attacks. About 60 percent of IT experts worry about hacks like this. They are also a type of IP fragmentation attack,  where a hacker overwhelms a network using fragmentation mechanisms.

The solution is relatively simple: Update your software and keep it current.

What is a teardrop attack?

Most systems aren't designed to transfer large amounts of data from another source in one go. As a result, most systems fragment data in transit. The recipient reassembles it based on rules written into the software.

Networks set maximum transmission units (MTUs) that specify how much data they can process at once. Most networks use a 1,500-byte limit. Send something bigger, and it will be:

  • Fragmented. The originating device or its associated routers break the piece into fragment datagrams.

  • Sent. All of the pieces head to the destination with headers that describe the order for reassembly.

  • Reassembled. The destination server waits for all the fragments to arrive. When they're in place, the system puts the message back together and delivers it.

Some older operating systems contain a bug. They grow confused during the reassembly phase, especially when the data packets seem to overlap by a byte or two.

When the system is confused, it pauses, thinks, and then crashes. A crashed server can't deliver resources, and your customers and employees can't do their crucial work.

Why are teardrop attacks so important?

Plenty of people keep using old systems, even when the companies they bought tools from no longer support them. For example, about 30 percent of companies had at least one Windows XP device connected in 2019, even though support ended in 2014. Teardrop attacks prove that updates are critical.

If you're running modern software that you update continually, it's much harder for hackers to launch a teardrop attack against your company. The vulnerability required to make the attack work simply doesn't exist.

Even so, it's important to understand how IP fragmentation attacks like this work. Students learn about them in school, for example, so they'll be able to defend company resources like pros. If you know how your system works, both inside and out, you could spot threats long before they hit your to-fix list.

Stay current with Okta

Running old software can be deadly for your company's security. So can leaving firewalls down, maintaining open ports, and allowing virus downloads. Let us help you.

With our tools, you can surround your assets with security, and rest easy that you've protected your company. Learn more.


Complacency About DDoS Attacks Puts Businesses at Risk, Survey Shows. (June 2015). ComputerWeekly.com.

MTU Size Issues. (May 2013). Network World.

It's 2019, and One Third of Businesses Still Have Windows XP Deployments. (July 2019). TechRepublic.

Teaching Ethical Hacking in Information Security Curriculum: A Case Study. (March 2013). 2013 IEEE Global Engineering Education Conference.