Content deleted Content added
m unpiped links using script |
Link suggestions feature: 2 links added. |
||
Line 6:
}}
'''IP fragmentation attacks''' are a kind of [[cyberattack|computer security attack]] based on how the [[Internet Protocol]] (IP) requires data to be transmitted and processed. Specifically, it invokes [[IP fragmentation]], a process used to partition messages (the [[service data unit]] (SDU); typically a [[network packet|packet]]) from one layer of a network into multiple smaller [[payload (computing)|payload]]s that can fit within the lower layer's [[protocol data unit]] (PDU). Every network link has a maximum size of [[data frame|messages]] that may be transmitted, called the [[maximum transmission unit]] (MTU). If the SDU plus metadata added at the [[link layer]] exceeds the MTU, the SDU must be fragmented. IP fragmentation attacks exploit this process as an [[attack vector]].
Part of the [[Internet protocol suite|TCP/IP suite]] is the Internet Protocol (IP) which resides at the [[Internet Layer]] of this model. IP is responsible for the transmission of packets between network end points. IP includes some features which provide basic measures of fault-tolerance (time to live, checksum), traffic prioritization (type of service) and support for the fragmentation of larger packets into multiple smaller packets (ID field, fragment offset). The support for fragmentation of larger packets provides a protocol allowing routers to fragment a packet into smaller packets when the original packet is too large for the supporting datalink frames. IP fragmentation exploits (attacks) use the fragmentation protocol within IP as an attack vector.
Line 110:
Flags:
: A 3 [[bit field]] which says if the packet is a part of a fragmented [[data frame]] or not.
: Bit 0: reserved, must be zero (unless packet is adhering to RFC 3514)
| |||