What Is an IP Fragmentation Attack?

An Internet Protocol (IP) fragmentation attack is a common form of volumetric denial-of-service (DoS) attack. A DoS attack is any attack in which the attackers try to stop genuine online users from accessing a service. In an IP fragmentation attack, the datagram fragmentation mechanisms themselves are used to overwhelm the network.

How Does IP Fragmentation Work?

IP fragmentation takes place when IP datagrams are split into smaller packets (fragments). The fragments are then sent across a network, where they are reassembled into the original datagram as part of regular online communications.

This process is essential for meeting the size limit that each network can handle. This size limit is defined as the maximum transmission unit (MTU).

Types of IP Fragmentation Attack

The purpose of an IP fragmentation attack is to disrupt services or disable devices. There are numerous types of IP fragmentation attack. They consist of sending fragmented datagrams that are deliberately difficult to reassemble once they are received. The attack cripples a server, preventing it from operating as it should.

Here are some of the most common IP fragmentation attacks:

  • Tiny fragment attack

    Each IP packet contains a header and a payload. The header consists of details that direct the IP packet to its intended destination. The payload, on the other hand, is the data the packet carries. A tiny fragment attack occurs when a very small packet fragment reaches a server. This typically happens when one of the fragments is too small to fit its header, resulting in reassembly problems which could potentially shut down a server.
  • UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) fragmentation attacks

    UDP and ICMP fragmentation attacks flood servers with large, bogus packets. This drastically overburdens a server, preventing it from carrying out its intended functions.
  • TCP (Transmission Control Protocol) fragmentation attack (or teardrop attack)

    The teardrop attack, or TCP fragmentation attack, uses packets that are crafted so that they cannot be reassembled upon delivery. Without security measures in place, these packet fragments can halt your operating system and crash it, rendering it unusable.

How to protect yourself from IP fragmentation attacks

Here are the ways you can reduce the threat of an IP fragmentation attack:

  • Inspect incoming packets

    You can inspect incoming packets through a router, a secured proxy server, firewalls, or intrusion detection systems.
  • Ensure your OS is up to date

    Make sure your operating system is updated with the latest software. Updates carry fixes for bugs and other loopholes.
  • Terminate connection with the sender

    If you’ve been receiving fragmented IP attacks from an identified sender, simply cut off your connection with them. Keep in mind, however, that mobile devices use fragmented packets, so disabling fragmented packets altogether might disrupt your internet traffic.
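
As an illustration of the "Inspect incoming packets" step, the following added example (not part of the original article) shows the kind of check a firewall or intrusion detection system applies to IPv4 fragments: it flags a first fragment too small to hold its transport header and fragments whose byte ranges overlap. The names FragmentInspector and make_fragment, the finding labels, and the sample addresses are assumptions made for this sketch, and it keeps state without timeouts.

```python
import struct
from collections import defaultdict

MIN_L4_HEADER = {1: 8, 6: 20, 17: 8}  # ICMP, TCP, UDP minimum header bytes

def parse_ipv4(pkt):
    """Extract the fields needed for fragment checks from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or not ihl <= total_len <= len(pkt):
        raise ValueError("inconsistent header or total length")
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)   # src, dst, protocol, id
    more = bool(flags_off & 0x2000)                 # More Fragments flag
    start = (flags_off & 0x1FFF) * 8                # offset is in 8-byte units
    return key, pkt[9], more, start, total_len - ihl

class FragmentInspector:
    """Tracks byte ranges seen per datagram and reports suspicious fragments."""
    def __init__(self):
        self.ranges = defaultdict(list)             # key -> [(start, end), ...]

    def inspect(self, pkt):
        key, proto, more, start, size = parse_ipv4(pkt)
        if not more and start == 0:
            return []                               # unfragmented datagram
        end, findings = start + size, []
        if start == 0 and size < MIN_L4_HEADER.get(proto, 0):
            findings.append("tiny-first-fragment")  # transport header is split
        overlaps = [r for r in self.ranges[key] if start < r[1] and r[0] < end]
        if any(r != (start, end) for r in overlaps):  # exact retransmits pass
            findings.append("overlapping-fragment")   # teardrop-style overlap
        self.ranges[key].append((start, end))
        return findings

def make_fragment(ident, start, more, payload, proto=6):
    """Build a constructed IPv4 fragment (checksum left 0; sample data only)."""
    flags_off = (0x2000 if more else 0) | (start // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def demo():
    # Constructed samples: (id, byte offset, more-fragments flag, payload size)
    insp = FragmentInspector()
    frags = [(1, 0, True, 24), (1, 24, False, 10),  # clean two-part datagram
             (2, 0, True, 8), (3, 0, True, 32), (3, 16, False, 8)]
    return [insp.inspect(make_fragment(i, s, m, b"A" * n)) for i, s, m, n in frags]
```

A production inspector would also expire stored ranges after a reassembly timeout so that tracking state cannot itself be exhausted by a flood of fragments.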