atlasVPN
atlasVPN

Features

Pricing

VPN apps

Use cases

Blog

Help

Log in

Explaining the process of IP fragmentation and its flaws

Anton P. | July 08, 2020

IP fragmentation is a standard process of networking, designed to make the data transmissions smoother on both ends. While traversing information through the internet between the sender and the recipient, your router performs various under-the-hood actions. One of them is the procedure of splitting packets to meet the requirements of local networks. The Maximum Transmission Units (MTUs) determine these size limitations. Hence, the transmitted packets cannot be larger than the local network supports. However, IP fragmentation opens doors to unique attacks for consuming resources and interrupting targeted systems’ operations.

What is IP fragmentation?

In the simplest sense, the internet works by dealing with outgoing and incoming requests from all over the world. IP fragmentation serves the purpose of making sure datagrams do not exceed the size limitations. Depending on the network, the MTU regulations might differ. However, to prevent the system from discarding oversized datagrams, the IP fragmentation process is critical. In cases when the IP header contains instructions not to perform IP fragmentation, the server drops such datagrams and informs the recipient that the request is too big to transmit.

Naturally, after the IP fragmentation of packets during transmission, the network needs to reconstruct the original datagram. For this, the recipient network follows the guidelines in the offset to arrange fragmented pieces in the correct sequence. However, the division does come with its set of flaws. The IP fragmentation attacks belong to the broader category of DDoS raids to overwhelm targets’ servers.

Meaning and types of IP fragmentation attacks

Hackers perform IP fragmentation attacks for the same purpose as DDoS ventures: to overload servers and make them temporarily unavailable. For giant enterprises, even a brief loss of control could diminish users’ experience and prevent employees from implementing tasks.

There are three main types of IP fragmentation attacks that you should know about:

  • Tiny fragment attack. Attackers transmit very small initial packets that do not contain the TCP port number. As a rule, systems scan packets for port numbers to determine their final destination. However, when the packet is tiny and does not contain the necessary port number, networks might accidentally let the tiny packet pass. The result of such attacks could force servers to shut down temporarily.
  • UDP and ICMP fragmentation attack. Such attacks refer to the transmission of fake UDP or ICMP packets that exceed the set size limitations greatly. Incoming packets contain significant errors to prevent the server from reassembling them correctly. The process of handling this fraudulent traffic drains the server’s resources. Hence, the server is unable to cope with the spike in traffic and halts its services.
  • TCP fragmentation attack (or teardrop). The purpose of these IP fragmentation attacks is to overwhelm the TCP/IP mechanisms responsible for reorganizing divided packets. The transmitted packets usually are incomplete or contain duplicate packets to drain the defragmentation systems. As a result, they force systems to crash or become unresponsive.

Preventing such resource-consuming attacks

  • Set in-depth packet inspection. You might evade malevolent exploits of IP fragmentation by crafting specific guidelines. It is possible to set regulations for the rate and number of packets reaching your device. If a device with such protection enabled receives overwhelming or faulty packets, the system simply discards all of them to preserve power.
  • Block all non-initial fragments. While this might mitigate some of the hacks, it can also cause issues for your regular browsing. Hence, this is not an optimal solution. A better option is to limit the rate in which networks accept packets. While the incoming packets arrive at a normal rate, your system won’t block any of them. However, when there is a possibility of CPU overuse, the system prevents some packets from reaching their destinations.
  • Get a VPN. VPN services can make sure that IP fragmentation attacks do not compromise your devices. Even if your system gets overwhelmed by incoming traffic, these tools can help protect your network from shutting down, freezing, or crashing. Simply switch to another server and proceed with your browsing as usual.

app-storegoogle-play

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.

Tags:

DDoSTCP

Related

What is the ping of death? Attacks that crash computers

What is the ping of death? Attacks that crash computers

Atlas VPN hands out VPN subscriptions to support journalists in Ukraine

Atlas VPN hands out VPN subscriptions to support journalists in Ukraine

Number of DDoS attacks globally hit record heights in Q3 2021

Number of DDoS attacks globally hit record heights in Q3 2021

Terms and conditions
Privacy policy
PayPalVisaMasterCardUnion PayAmexDiscoverDiners ClubJCBGoogle Pay

© 2023 Atlas VPN. All rights reserved.

Atlas VPN

Features
Servers
Use cases
Free VPN
Refer a friend
Special discounts
What is VPN
What is my IP

Information

About us
Blog
YouTube creators
Affiliate
Non-profit support
Media center
Warrant canary
For Media partners

Apps

Windows
macOS
Linux
Android
iOS
Android TV
Fire TV Stick

Follow us

Need help?

Help center
Contact us
Terms and conditions
Privacy policy
PayPalVisaMasterCardUnion PayAmexDiscoverDiners ClubJCBGoogle Pay

© 2023 Atlas VPN. All rights reserved.