What Is an IP Fragmentation Attack?
An Internet Protocol (IP) fragmentation attack is a common form of volumetric denial-of-service (DoS) attack. A DoS attack is any attack in which the attacker tries to stop legitimate users from accessing a service. In an IP fragmentation attack, the datagram fragmentation mechanism is abused to overwhelm the network.
How Does IP Fragmentation Work?
IP fragmentation takes place when IP datagrams are split into smaller packets (fragments). The fragments are then sent across a network, where they are reassembled into the original datagram as part of regular online communications.
This process is necessary to meet the size limit each network can handle. This limit is called the maximum transmission unit (MTU).
Types of IP Fragmentation Attack
The purpose of an IP fragmentation attack is to disrupt services or disable devices, and there are several types. IP fragmentation attacks consist of sending datagram fragments that are deliberately difficult to reassemble once they’re received. The attack cripples a server, preventing it from operating as it should.
Here are some of the most common IP fragmentation attacks:
- Tiny fragment attack
  Each IP packet contains a header and a payload. The header holds the details that direct the IP packet to its intended destination, while the payload is the data the packet carries. A tiny fragment attack occurs when a very small packet fragment arrives at a server. This typically happens when a fragment is too small to hold its header, resulting in reassembly problems that could potentially bring down a server.
- UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) fragmentation attacks
  UDP and ICMP fragmentation attacks flood servers with large, bogus packets. This drastically overburdens a server, preventing it from carrying out its intended functions.
- TCP (Transmission Control Protocol) fragmentation attack (or teardrop attack)
  The teardrop attack, or TCP fragmentation attack, uses packet fragments that are crafted so they cannot be reassembled on delivery. Without security measures in place, these fragments can hang your operating system and crash it, rendering it unusable.
How to protect yourself from IP fragmentation attacks
Here are the ways you can reduce the threat of an IP fragmentation attack:
- Inspect incoming packets
  You can inspect incoming packets with a router, a secured proxy server, a firewall, or an intrusion detection system.
- Ensure your OS is up to date
  Make sure your operating system is running the latest software. Updates carry fixes for bugs and other loopholes.
- Terminate connection with the sender
  If you’ve been receiving fragmented IP attacks from an identified sender, simply cut your connection with them. At the same time, mobile devices use fragmented packets, so disabling fragmented packets might disrupt your internet traffic.
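To make the "inspect incoming packets" step concrete, here is an added example (not code from the original page) of the checks a firewall or intrusion detection system can apply to IPv4 fragments: it flags a first fragment too small to hold its transport header, and fragments whose byte ranges overlap, which is one way fragments are made impossible to reassemble cleanly. The function names, the size thresholds and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# Minimum transport header size per IP protocol number (TCP, UDP, ICMP).
MIN_HEADER = {6: 20, 17: 8, 1: 8}

def build(ident, offset, more, payload_len, proto=6):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + zero payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_off,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + bytes(payload_len)

def parse_fragment(raw):
    """Return fragment fields of a raw IPv4 packet, or None if it is malformed."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", raw[2:8])
    if ihl < 20 or total_len < ihl:
        return None
    return {"key": (raw[12:16], raw[16:20], raw[9], ident), "proto": raw[9],
            "more": bool(flags_off & 0x2000),      # MF (more fragments) flag
            "offset": (flags_off & 0x1FFF) * 8,    # offset field is in 8-byte units
            "length": total_len - ihl}

def inspect(packets):
    """Return (index, reason) alerts for suspicious fragments in a packet list."""
    alerts, seen = [], defaultdict(list)
    for i, raw in enumerate(packets):
        f = parse_fragment(raw)
        if f is None or (not f["more"] and f["offset"] == 0):
            continue  # malformed or not fragmented: out of scope here
        start, end = f["offset"], f["offset"] + f["length"]
        if start == 0 and f["length"] < MIN_HEADER.get(f["proto"], 8):
            alerts.append((i, "tiny-first-fragment"))
        if any(start < e and s < end for s, e in seen[f["key"]]):
            alerts.append((i, "overlapping-fragment"))
        seen[f["key"]].append((start, end))
    return alerts

SAMPLE = [  # constructed traffic, documentation addresses only
    build(1, 0, True, 1480), build(1, 1480, False, 520),   # normal two-part datagram
    build(2, 0, True, 8),                                   # TCP header cannot fit
    build(3, 0, True, 32, proto=17), build(3, 24, False, 16, proto=17),  # overlap
    build(4, 0, False, 100),                                # not fragmented
]

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

Legitimate fragmented traffic (the first two sample packets) passes without an alert, which is why checks like these are preferable to dropping all fragments.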