IP Fragmentation Attack
What is IP Fragmentation Attack?
IP Fragmentation Attack: A family of network attacks that abuses IP fragmentation - overlapping, undersized, or oversized fragments - to crash hosts, evade IDS/IPS, or trigger denial of service.
IP fragmentation attacks exploit how the network stack reassembles IP packets larger than the MTU. Variants include Teardrop (overlapping fragments that crash buggy reassembly code), Tiny Fragment (Layer-4 headers split across fragments to bypass packet filters), Bonk and Jolt (oversized or zero-offset fragments), and IPv6 fragmentation attacks against IPv6 extension headers. Modern goals are usually IDS/IPS evasion - splitting a malicious payload so signature-based engines never see it intact - or amplification DoS through fragment caches. Defenses: keep operating systems patched (modern stacks reject suspicious fragments), drop non-initial fragments at perimeter firewalls when feasible, normalize traffic through a fragment-reassembling IPS, and disable IPv6 fragmentation where unnecessary.
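The fragment anomalies named above (overlap, tiny first fragment, oversized reassembly) can be flagged from IPv4 header fields alone. The following is an added example, not part of the original page: the function names, the 20-byte first-fragment threshold and the sample packets are assumptions constructed for illustration, and IPv4 options and IPv6 are not handled.

```python
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"      # fixed 20-byte IPv4 header, options ignored
MIN_FIRST_PAYLOAD = 20        # assumption: first fragment must hold a minimal TCP header
MAX_DATAGRAM = 65535          # largest legal reassembled IPv4 datagram

def parse_ipv4(pkt):
    """Return (flow key, header length, payload offset, payload length, MF flag)."""
    vihl, _, total, ident, fo, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return (src, dst, proto, ident), ihl, (fo & 0x1FFF) * 8, total - ihl, bool(fo & 0x2000)

def audit(packets):
    """Return sorted (ident, finding) pairs for anomalous fragment trains."""
    seen = defaultdict(list)  # flow key -> byte ranges already received
    findings = set()
    for pkt in packets:
        key, ihl, off, length, mf = parse_ipv4(pkt)
        if off == 0 and not mf:
            continue                                   # unfragmented datagram
        end = off + length
        if off == 0 and length < MIN_FIRST_PAYLOAD:
            findings.add((key[3], "tiny-first-fragment"))
        if end + ihl > MAX_DATAGRAM:
            findings.add((key[3], "oversized-reassembly"))
        if any(off < e and s < end for s, e in seen[key]):
            findings.add((key[3], "overlap"))          # also fires on exact duplicates
        seen[key].append((off, end))
    return sorted(findings)

def frag(ident, offset, size, mf):
    """Build one constructed fragment: zeroed payload, checksum not computed."""
    fo = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack(IP_HDR, 0x45, 0, 20 + size, ident, fo, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + bytes(size)

# Constructed sample traffic (documentation addresses, no real capture).
SAMPLE = [
    frag(1, 0, 1480, True), frag(1, 1480, 520, False),  # clean two-fragment datagram
    frag(2, 0, 8, True), frag(2, 8, 32, False),         # L4 header split across fragments
    frag(3, 0, 36, True), frag(3, 24, 4, False),        # second fragment inside the first
    frag(4, 65528, 8, False),                           # offset + length exceeds 65535
]

if __name__ == "__main__":
    for ident, finding in audit(SAMPLE):
        print(f"ip.id={ident}: {finding}")
```

A normalizing IPS applies checks of this kind before reassembly; here a finding only labels the datagram, and the drop or alert policy is left to the caller.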
● Examples
- A classic Teardrop attack sending overlapping IP fragments to crash legacy Windows hosts.
- Tiny-fragment evasion that splits a TCP SYN with malicious options across two fragments to bypass a simple ACL.
● Frequently asked questions
What is IP Fragmentation Attack?
A family of network attacks that abuses IP fragmentation - overlapping, undersized, or oversized fragments - to crash hosts, evade IDS/IPS, or trigger denial of service. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against IP Fragmentation Attack?
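Defences for IP Fragmentation Attack combine technical controls and operational practices: keep operating systems patched (modern stacks reject suspicious fragments), drop non-initial fragments at perimeter firewalls when feasible, normalize traffic through a fragment-reassembling IPS, and disable IPv6 fragmentation where unnecessary.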
What are other names for IP Fragmentation Attack?
Common alternative names include: Teardrop attack, Tiny fragment attack, Fragmentation evasion.
● Related terms
- TCP Reset Injection (attacks, № 1135): An attack that forges TCP RST segments matching an existing connection so endpoints abruptly close it, breaking or hijacking the session.
- Promiscuous Mode (attacks, № 865): A network-interface mode in which the NIC delivers every frame on the wire to the operating system, enabling passive sniffing of traffic on a shared or mirrored segment.
- Smurf Attack (attacks, № 1060): A legacy amplification DDoS that sends ICMP echo requests to a network's broadcast address with the victim's IP spoofed as the source, causing every host on that network to reply to the victim.
- Distributed Denial-of-Service (DDoS) Attack (attacks, № 329): A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
- SYN Flood (attacks, № 1122): A TCP-based denial-of-service attack that sends many SYN packets without completing the three-way handshake, exhausting the target's connection-state resources.