If you have ever found your favorite website not opening, one of the reasons might be a hacker attack. Among the many things attackers can interfere with is the way IP carries information to its destination.
Hackers have been employing this attack for many years. Even though internet providers now have far more means to prevent it, cybercriminals still use it as low-hanging fruit.
Below we explain how it works and what methods exist to prevent it.
To understand IP fragmentation attacks, you need to understand IP fragmentation, and to understand IP fragmentation, you need to understand packet switching.
Most devices send data in IP packets of a specific size. This is called packet switching.
Packet switching can be connection-based or connectionless. Connection-based packet switching delivers and receives data in a predetermined order and establishes a communication route beforehand.
Connectionless packet switching is when every data packet is self-contained and routed independently rather than along a pre-arranged path. These packets are called datagrams. Datagrams may arrive in any order. Because of this less-structured communication method, they can be used to launch attacks on servers.
IP fragmentation is the process of dividing a datagram into smaller chunks of information, called fragments, each sent as its own packet. These need to be of a specific size so that the receiving parties can process them and transfer data successfully. You can think of this requirement as a work desk: there is only so much stuff you can fit on it at once before things start falling off.
All these packets are then reassembled by the receiving party so that it can make sense of the data it got. If the datagram is too big, a server can either drop it or fragment the packet again.
An IP fragmentation attack uses IP fragmentation to disrupt services or disable devices. This makes it a denial of service (DoS) attack.
There are many forms of IP fragmentation attacks. They generally involve sending datagrams that will be impossible to reassemble upon delivery. The goal is to abuse servers’ resources and prevent them from performing the operations they are supposed to.
These are some of the most widely used IP fragmentation attacks:
Every IP packet consists of a header and a payload. The header contains the information that directs the packet to its destination, while the payload is the body of data the packet carries there.
A tiny fragment attack occurs when a tiny packet fragment reaches the server. It happens when one of the fragments is so small that it cannot even hold the full header of the data it carries, so part of that header is sent in a separate fragment. This can cause reassembly problems and shut down a server.
Other fragmentation attacks flood servers with oversized or otherwise corrupt packets that they must reject. This can quickly overload a server’s resources and prevent it from performing its intended operations.
The Teardrop attack uses packets designed to be impossible to reassemble upon delivery: the fragments can be incomplete or overlapping. It is usually directed at defragmentation or security systems.
Without proper protection, these packets can cause an operating system to freeze or crash because it is unable to process them.
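As an added example (not code from the original article), the following Python sketch shows how a reassembler or firewall could flag the fragment patterns described above, namely tiny first fragments, overlapping Teardrop-style fragments and oversized datagrams, using constructed fragment metadata; the size threshold and the field names are assumptions.

```python
from dataclasses import dataclass

MIN_FIRST_FRAGMENT = 16   # octets the first fragment must carry so the transport
                          # header fits; an assumed policy value, not from the article
MAX_DATAGRAM = 65535      # largest IPv4 datagram a reassembler will accept

@dataclass
class Fragment:
    ident: int    # IP identification field shared by all fragments of one datagram
    offset: int   # fragment offset in 8-octet units, as encoded in the IP header
    length: int   # payload octets carried by this fragment
    more: bool    # "more fragments" flag

def check_fragments(frags):
    """Return (ident, problem) pairs; an empty list means reassembly looks safe."""
    problems = []
    by_id = {}
    for f in frags:
        by_id.setdefault(f.ident, []).append(f)
    for ident, group in by_id.items():
        end = 0   # highest octet position covered so far
        for f in sorted(group, key=lambda frag: frag.offset):
            start = f.offset * 8
            # tiny fragment: first piece too small to hold the transport header
            if f.offset == 0 and f.more and f.length < MIN_FIRST_FRAGMENT:
                problems.append((ident, "tiny first fragment"))
            # Teardrop pattern: this piece begins inside an earlier piece
            if start < end:
                problems.append((ident, "overlapping fragment"))
            # oversized datagram: reassembled size would exceed the IP maximum
            if start + f.length > MAX_DATAGRAM:
                problems.append((ident, "oversized datagram"))
            end = max(end, start + f.length)
    return problems

# Constructed sample traffic: a normal two-fragment datagram (ident 1), a tiny first
# fragment (ident 2), overlapping fragments (ident 3) and an oversized datagram (ident 4).
SAMPLE = [
    Fragment(ident=1, offset=0, length=1480, more=True),
    Fragment(ident=1, offset=185, length=520, more=False),   # 185 * 8 = 1480: adjacent
    Fragment(ident=2, offset=0, length=8, more=True),        # 8 octets: header is split
    Fragment(ident=2, offset=1, length=1000, more=False),
    Fragment(ident=3, offset=0, length=1480, more=True),
    Fragment(ident=3, offset=100, length=800, more=False),   # starts at 800, inside piece 1
    Fragment(ident=4, offset=8189, length=100, more=False),  # 65512 + 100 > 65535
]
if __name__ == "__main__":
    for ident, problem in check_fragments(SAMPLE):
        print(f"datagram {ident}: {problem}")
```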
You can minimize the risk of an IP fragmentation attack by employing one of these methods:
A multilayered approach works best in this case. We recommend using the first two methods for the best balance of protection and connectivity.