
DDoS Blog

Cyber Security News

What is an IP Fragmentation Attack?

December 23, 2017 By TheNewsTeam

There are various kinds of IP fragmentation attacks, and they are a fairly common form of DDoS attack. All fragmentation attacks involve breaking datagrams into fragments to overwhelm the target network; the difference lies in how the attack vectors are executed.

A fragmented ACK Flood is a variant of the ACK or PUSH-ACK Flood type of DDoS attack, in which large fragmented packets (around 1500 bytes, the size of the MTU, or maximum transmission unit) are sent to a victim’s server to consume the target’s network bandwidth with only a small to moderate packet rate.

If the network equipment requires application-level filters for the packets to pass through, the server will have to reassemble the packets, consuming a significant amount of its resources. These are known as TCP fragmentation attacks or Teardrop attacks. The data packets overlap and rapidly overwhelm the victim’s servers.

However, if no filters are applied, these attack packets can pass through firewalls, border routers and IDS/IPS devices undetected, as these devices do not reassemble fragmented packets at the network level. These are known as UDP or ICMP fragmentation attacks. Usually the contents of the packets are simply random garbage data, there only to consume resources with the goal of overwhelming the target network’s entire bandwidth. This kind of DDoS flood attack tends to decrease the performance of all the targeted network’s servers.

Fragmented ACK Floods can be used as advanced evasion techniques designed to bypass deep packet inspection devices, either to consume all the bandwidth of the victim’s network or to use fragmentation to launch other kinds of malicious attack, such as malware, ransomware or slow-and-low DDoS attacks.

Teardrop attacks were the result of an OS vulnerability found in older versions of Windows; it was thought that patches had put an end to these kinds of attacks, but a vulnerability resurfaced in later versions of Windows (7 and Vista), making them once again a potential type of DDoS attack. That bug was also patched, but vigilance is necessary for future iterations of Windows.

The ways to mitigate Fragmented ACK Floods or ACK/PUSH Floods are generally the same as those used to stop SYN Floods. Most mitigation techniques for fragmentation attacks aim to prevent malicious data packets from reaching their target destinations at all, for example by using a secured proxy or a router to inspect incoming packets for violations of fragmentation rules.
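A sketch of the packet inspection described above, added here as an example and not taken from the original article or any product: it groups IPv4 fragments by datagram and flags the overlapping fragments typical of Teardrop traffic. It goes beyond the text by also checking two rules that follow from the IPv4 header format (8-byte fragment alignment and the 65535-byte datagram limit). The function names, the choice of rules and the sample fragments are assumptions made for illustration.

```python
import struct
from collections import defaultdict

IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options
MAX_DATAGRAM = 65535          # limit of the 16-bit total-length field

def make_fragment(ident, offset, length, more):
    """Constructed test fragment: IPv4/UDP header, zero-filled payload, never sent."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])  # documentation ranges
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + length, ident, flags_off,
                       64, 17, 0, src, dst) + bytes(length)

def parse_fragment(packet):
    """Return (reassembly key, header length, payload offset, payload length, MF flag)."""
    ver_ihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_off & 0x1FFF) * 8        # offset field counts 8-byte units
    return (src, dst, proto, ident), ihl, offset, total - ihl, bool(flags_off & 0x2000)

def check_fragments(packets):
    """Group fragments per datagram and list (ident, violation) pairs."""
    groups = defaultdict(list)
    for pkt in packets:
        key, ihl, offset, length, more = parse_fragment(pkt)
        groups[key].append((offset, length, more, ihl))
    findings = []
    for key, frags in groups.items():
        covered = 0                           # highest payload byte seen so far
        for offset, length, more, ihl in sorted(frags):
            if more and length % 8:
                findings.append((key[3], "non-final fragment not a multiple of 8 bytes"))
            if ihl + offset + length > MAX_DATAGRAM:
                findings.append((key[3], "reassembled datagram exceeds 65535 bytes"))
            if offset < covered:
                findings.append((key[3], "overlapping fragments"))
            covered = max(covered, offset + length)
    return findings

SAMPLE = [                                    # constructed input, not captured traffic
    make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 520, False),   # well formed
    make_fragment(2, 0, 40, True), make_fragment(2, 24, 16, False),        # overlap
    make_fragment(3, 65528, 100, False),                                   # oversize
]

if __name__ == "__main__":
    for ident, problem in check_fragments(SAMPLE):
        print(f"datagram id={ident}: {problem}")
```

A filtering proxy or router applying checks of this kind would drop every fragment of a flagged datagram instead of forwarding it for reassembly by the server.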
