您的 IP 地址: 未知 · 您当前的状态: 受保护未受保护的未知

NordVPN

在线安全性和私密性

NordPass

密码管理

NordPass Business

企业密码安全整体方案

NordLocker

云存储加密

博客 In Depth

What is an IP Fragmentation Attack?

If you have ever found your favorite website not opening, one of the reasons for that might be a hacker attack. Among the many things they manage to intercept is the way an IP transfers information to its destination.

Paul Black

Paul Black

Jul 15, 2019 · 3 min read

facebook Facebook
twitter Twitter
Copy link Copy link
What is an IP Fragmentation Attack?

Hackers have been employing this cyber attack for many years. Even though, internet providers now have way more means to prevent it, cybercriminals still use it as a low-hanging fruit.

Below we will explain how it works and what are the methods to prevent it.

How does IP fragmentation work?

To understand IP fragmentation attacks, you need to understand IP fragmentation, and to understand IP fragmentation, you need to understand packet switching.

What is packet switching?

Most devices send data in IP packets of a specific size. This is called packet switching.

Packet switching can be connection-based or connectionless. Connection-based packet switching delivers and receives data in a predetermined order and establishes a communication route beforehand.

Connectionless packet switching is when every data packet is self-sufficient and routed independently rather than in a pre-arranged path. These packets are called datagrams. Datagrams travel in random order. Because of this less-structured communication method, they can be used to launch attacks on servers.

What is fragmentation?

IP fragmentation is the process of dividing a datagram into smaller chunks of information called packets. These need to be of a specific size so that the receiving parties could process them and transfer data successfully. You can think of this requirement as a work desk – there’s only so much stuff you can fit on it at once before things start falling off.

All these packets are then reassembled by the receiving party so they can understand the data they got. If the datagram is too big, a server can either drop it or re-fragment the packet.

IP fragmentation attack

What is an IP fragmentation attack?

An IP fragmentation attack uses IP fragmentation to disrupt services or disable devices. This makes it a denial of service (DoS) attack.

There are many forms of IP fragmentation attacks. They generally involve sending datagrams that will be impossible to reassemble upon delivery. The goal is to abuse servers’ resources and prevent them from performing the operations they are supposed to.

These are some of the most widely used IP fragmentation attacks:

  1. Tiny fragment attack.

    2. Every IP packet consists of a header and a payload. A header contains the information directing the packet to its destination, while the payload is a body of data it carries towards it.

    A tiny fragment attack occurs when a tiny packet fragment gets into the server. This happens when one of the fragments are so small that it can’t even fit its own header. Part of that packet’s header is sent as a new fragment. This can cause reassembly problems and shut down a server.

    IP fragmentation attack
  2. UDP (Used Datagram Protocol) and ICMP (Internet Control Message Protocol) fragmentation attacks.

    3. In these attacks, servers are flooded with oversized or otherwise corrupt packets that they must reject. This can quickly overload a server’s resources and prevent it from performing its intended operations.

    IP fragmentation attack
  3. TCP (Transmission Control Protocol) fragmentation attack (or teardrop attack).

    4. The Teardrop attack uses packets designed to be impossible to reassemble upon delivery. They can be incomplete or overlapping. It is usually directed towards defragmentation or security systems.

    Without proper protection, these packets can cause an operating system to freeze or crash as it unable to process them.

    IP fragmentation attack

How to protect yourself from IP fragmentation attacks

You can minimize the risk of an IP fragmentation attack by employing one of these methods:

  1. Inspect incoming packets using a router, a secured proxy server, firewalls, or intrusion detection systems;
  2. Make sure that your OS is up to date and has all the latest security patches installed;
  3. You can block fragmented IP packets by cutting your connection with anyone who sends them. However, some benign connections (e.g., mobile devices) use fragmented packets, so disabling them might cause disruptions for your traffic.

A multilayered approach works best in this case. We recommend using the first two methods for the best balance of protection and connectivity.

Also available in: English, Português Brasileiro, 以及其他语言 .
facebook Facebook
twitter Twitter
Copy link Copy link
Paul Black
Paul Black success Verified author
Paul is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.
Next article
Next read NordVPN for Linux: release notes Elle Friberg · Feb 10, 2022

Trending articles

Trending article
News · 3 min read What is Log4Shell and what kind of damage can it do? Carlos Martinez · Feb 04, 2022
Trending article
How-To · 6 min read How to tell if your laptop camera has been hacked Elle Friberg · Jan 19, 2022
Trending article
How-To · 4 min read What is spyware and how can you protect yourself? Paul Black · Feb 14, 2022
Trending article
Service Updates · 1 min read NordVPN for Linux: release notes Elle Friberg · Feb 10, 2022