Explaining the process of IP fragmentation and its flaws

IP fragmentation is a standard process of networking, designed to make the data transmissions smoother on both ends. While traversing information through the internet between the sender and the recipient, your router performs various under-the-hood actions. One of them is the procedure of splitting packets to meet the requirements of local networks. The Maximum Transmission Units (MTUs) determine these size limitations. Hence, the transmitted packets cannot be larger than the local network supports. However, IP fragmentation opens doors to unique attacks for consuming resources and interrupting targeted systems’ operations.

What is IP fragmentation?

In the simplest sense, the internet works by dealing with outgoing and incoming requests from all over the world. IP fragmentation serves the purpose of making sure datagrams do not exceed the size limitations. Depending on the network, the MTU regulations might differ. However, to prevent the system from discarding oversized datagrams, the IP fragmentation process is critical. In cases when the IP header contains instructions not to perform IP fragmentation, the server drops such datagrams and informs the recipient that the request is too big to transmit.

Naturally, after the IP fragmentation of packets during transmission, the network needs to reconstruct the original datagram. For this, the recipient network follows the guidelines in the offset to arrange fragmented pieces in the correct sequence. However, the division does come with its set of flaws. The IP fragmentation attacks belong to the broader category of DDoS raids to overwhelm targets’ servers.

Meaning and types of IP fragmentation attacks

Hackers perform IP fragmentation attacks for the same purpose as DDoS ventures: to overload servers and make them temporarily unavailable. For giant enterprises, even a brief loss of control could diminish users’ experience and prevent employees from implementing tasks.

There are three main types of IP fragmentation attacks that you should know about:

  • Tiny fragment attack. Attackers transmit very small initial packets that do not contain the TCP port number. As a rule, systems scan packets for port numbers to determine their final destination. However, when the packet is tiny and does not contain the necessary port number, networks might accidentally let the tiny packet pass. The result of such attacks could force servers to shut down temporarily.
  • UDP and ICMP fragmentation attack. Such attacks refer to the transmission of fake UDP or ICMP packets that exceed the set size limitations greatly. Incoming packets contain significant errors to prevent the server from reassembling them correctly. The process of handling this fraudulent traffic drains the server’s resources. Hence, the server is unable to cope with the spike in traffic and halts its services.
  • TCP fragmentation attack (or teardrop). The purpose of these IP fragmentation attacks is to overwhelm the TCP/IP mechanisms responsible for reorganizing divided packets. The transmitted packets usually are incomplete or contain duplicate packets to drain the defragmentation systems. As a result, they force systems to crash or become unresponsive.

Preventing such resource-consuming attacks

  • Set in-depth packet inspection. You might evade malevolent exploits of IP fragmentation by crafting specific guidelines. It is possible to set regulations for the rate and number of packets reaching your device. If a device with such protection enabled receives overwhelming or faulty packets, the system simply discards all of them to preserve power.
  • Block all non-initial fragments. While this might mitigate some of the hacks, it can also cause issues for your regular browsing. Hence, this is not an optimal solution. A better option is to limit the rate in which networks accept packets. While the incoming packets arrive at a normal rate, your system won’t block any of them. However, when there is a possibility of CPU overuse, the system prevents some packets from reaching their destinations.
  • Get a VPN. VPN services can make sure that IP fragmentation attacks do not compromise your devices. Even if your system gets overwhelmed by incoming traffic, these tools can help protect your network from shutting down, freezing, or crashing. Simply switch to another server and proceed with your browsing as usual.

Anton P.

Anton P.


Tags: DDoS TCP