IP fragmentation attack

Specifically, it invokes IP fragmentation, a process used to partition messages (the service data unit (SDU); typically a packet) from one layer of a network into multiple smaller payloads that can fit within the lower layer's protocol data unit (PDU).

IP includes some features which provide basic measures of fault-tolerance (time to live, checksum), traffic prioritization (type of service) and support for the fragmentation of larger packets into multiple smaller packets (ID field, fragment offset).

"[1] Another attack involves sending overlapping fragments with non-aligned offsets, which can render vulnerable operating systems not knowing what to do, causing some to crash.

The following is a real-life fragmentation example: The following was obtained using the Ethereal protocol analyzer to capture ICMP echo request packets.

Two important points here: Network infrastructure equipment such as routers, load-balancers, firewalls and IDS have inconsistent visibility into fragmented packets.

Some attacks may use this fact to evade detection by placing incriminating payload data in fragments.

The fragmentation algorithm in IPv4.