Nestea

Description of Nestea

This DoS attack affects the Linux operating system.

The Nestea attack is very similar to the Teardrop attack, in that it sends IP fragments to a machine connected to the Internet or a network. But, while Teardrop affects Windows based systems, Nestea is specific to the Linux operating system, and exploits a bug (commonly known as the "off by one IP header" bug) in the Linux refragmentation code (the code that reformats, or puts back together, oversize packets when they are received from a client system).

The Nestea attack is very similar to the Teardrop attack, and is run against Linux versions 2.0 and 2.1.

Symptoms of Attack

Machines subjected to the Nestea Denial of Service attack will almost certainly crash. A simple reboot should be sufficient to recover from a Nestea attack.

How can I fix this vulnerability?

Apply the patch, which can be found at ICMPinfo's Nestea Patch page.

Where can I read more about this?

Read a little more about the Nestea DoS, and get the source code, at Rootshell's Nestea page.

To keep abreast of existing and emerging Denial of Service attacks, and other security threats, visit the Microsoft Security Advisor, the Windows Central Bug Site, and/or CERT. If information on a specific attack is not located on these sites, keep checking back as they are updated frequently.