DefaultFree (talk | contribs) Packet structure was copied out of IPv4, update links to point there, as the anchors don't exist on this page |
Link suggestions feature: 2 links added. |
(8 intermediate revisions by 7 users not shown) | |||
Line 6:
}}
'''IP fragmentation attacks''' are a kind of [[cyberattack|computer security attack]] based on how the [[Internet Protocol]] (IP) requires data to be transmitted and processed. Specifically, it invokes [[IP fragmentation]], a process used to partition messages (the [[service data unit]] (SDU); typically a [[network packet|packet]]) from one layer of a network into multiple smaller [[payload (computing)|payload]]s that can fit within the lower layer's [[protocol data unit]] (PDU). Every network link has a maximum size of [[data frame|messages]] that may be transmitted, called the [[maximum transmission unit]] (MTU). If the SDU plus metadata added at the [[link layer]] exceeds the MTU, the SDU must be fragmented. IP fragmentation attacks exploit this process as an [[attack vector]].
Part of the [[Internet protocol suite|TCP/IP suite]] is the Internet Protocol (IP) which resides at the [[Internet Layer]] of this model. IP is responsible for the transmission of packets between network end points. IP includes some features which provide basic measures of fault-tolerance (time to live, checksum), traffic prioritization (type of service) and support for the fragmentation of larger packets into multiple smaller packets (ID field, fragment offset). The support for fragmentation of larger packets provides a protocol allowing routers to fragment a packet into smaller packets when the original packet is too large for the supporting datalink frames. IP fragmentation exploits (attacks) use the fragmentation protocol within IP as an attack vector.
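Review bot: The two lead paragraphs in this hunk close on the same statement ("IP fragmentation attacks exploit this process as an [[attack vector]]" and "IP fragmentation exploits (attacks) use the fragmentation protocol within IP as an attack vector"), so the second reads as a leftover of the first. Suggest merging them and keeping a single closing sentence. In the first paragraph, "Specifically, it invokes" follows a plural subject ("attacks"), so "they invoke" or naming the subject would read correctly. "[[Internet Layer]]" is also capitalised differently from "[[link layer]]" in the paragraph above it.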
Line 78:
| colspan="16"|[[IPv4#Identification|Identification]]
| colspan="3"|[[IPv4#Flags|Flags]]
| colspan="13"|[[IPv4#Fragment
|-
! 8
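Review bot: The header-table cells here depend on section anchors in another article ("IPv4#Identification", "IPv4#Flags", and likewise "IPv4#TTL" and "IPv4#Protocol" in the next hunk), and such links fail silently if the target headings are renamed. Since the edit summary says the earlier anchors did not exist on this page, it is worth confirming that each of these anchors resolves in the IPv4 article before saving.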
Line 84:
| colspan="8"|[[IPv4#TTL|Time To Live]]
| colspan="8"|[[IPv4#Protocol|Protocol]]
| colspan="16"|[[IPv4#Header
|-
! 12
Line 110:
Flags:
: A 3 [[bit field]] which says if the packet is a part of a fragmented [[data frame]] or not.
: Bit 0: reserved, must be zero (unless packet is adhering to RFC 3514)
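Review bot: The Flags description, "A 3 [[bit field]] which says if the packet is a part of a fragmented [[data frame]] or not", names the fragmented unit a data frame, while the lead uses [[data frame|messages]] for link-layer messages and describes the packet as the thing being fragmented. Suggest "A 3-bit field" with the hyphen and linking the fragmented unit to [[network packet|packet]] for consistency. The "unless packet is adhering to RFC 3514" exception on the Bit 0 line is given without any explanation of what that RFC defines; a short gloss would help the reader.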
Line 127:
Fragment Offset specifies the fragment's position within the original packet, measured in 8-byte units.
Accordingly, every fragment except the last must contain a multiple of 8 bytes of data. It is obvious that Fragment Offset can hold 8192 (2^13) units but the [[network packet|packet]] can't have 8192 * 8 = 65,536 bytes of data because "Total Length" field of [[internet
Because an IP internet can be connectionless, fragments from one [[network packet|packet]] may be interleaved with those from another at the destination. The "Identification field" uniquely identifies the fragments of a particular [[network packet|packet]].
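Review bot: "It is obvious that" in the Fragment Offset paragraph is editorial and can be dropped; the sentence stands without it. The same sentence writes "8192 (2^13)" and "8192 * 8 = 65,536" as plain text, where superscript or math markup and a proper multiplication sign would render better. The field names are also quoted inconsistently: "Total Length" field has the word "field" outside the quotes, "Identification field" has it inside.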
Line 135:
The following is a real-life fragmentation example:
The following was obtained using the [[Wireshark|Ethereal]] protocol analyzer to capture [[
<!-- The terminal command doesn't work for BASH on Darwin. -->
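Review bot: Two consecutive sentences open with "The following", and the second already says how the capture was obtained, so the first can be folded into it. The link [[Wireshark|Ethereal]] displays the name Ethereal while targeting the Wireshark article; if the older name is intentional, the text should say so. The HTML comment about the terminal command not working in Bash on Darwin records an unresolved problem and should either be resolved or moved to the talk page.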
Line 141:
<!-- This example is way too long and messy -->
<syntaxhighlight lang="text">
No. Time Source Destination Protocol Info
1 0.000000 87.247.163.96 66.94.234.13 ICMP Echo (ping) request
Line 212:
Internet Protocol, Src: 87.247.163.96 (87.247.163.96), Dst: 66.94.234.13 (66.94.234.13)
Data (1480 bytes)
</syntaxhighlight>
Note that only the first fragment contains the ICMP header and all remaining fragments are generated without the ICMP header.
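Review bot: The capture line "Src: 87.247.163.96 (87.247.163.96), Dst: 66.94.234.13 (66.94.234.13)" shows what appear to be real public addresses. Suggest substituting addresses from the reserved documentation ranges so the example does not point at live hosts; the fragment sizes and the closing note about the ICMP header are unaffected by that change.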
Line 241 ⟶ 240:
* [http://kohala.com/start/ W. Richard Stevens' Home Page]
*
*
[[Category:Internet security]]
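Review bot: Two bare "*" items follow the W. Richard Stevens link and will render as empty bullets in the external links list. Either restore the links they held or remove the two lines.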