A teardrop attack is a Layer 3 (network) attack vector, the classic named fragmentation attack a thorough DDoS test is built to exercise. The attacker sends IP fragments with overlapping or malformed offset fields, so when the target tries to reassemble them the lengths do not line up. A vulnerable reassembly routine miscalculates buffer boundaries and crashes or hangs the host. The attack costs almost no bandwidth; the damage comes from the bug it triggers in the IP stack rather than from volume.
Why it matters in DDoS testing
Teardrop is patched in modern kernels, but the broader class of fragmentation handling remains a live surface, especially on appliances and IoT firmware that lag on updates. Testing confirms that overlapping and malformed fragments are dropped safely and that reassembly buffers do not exhaust under a fragment flood. The mechanics of fragmentation-based vectors are detailed in Understanding DDoS Attack Vectors.