Wikipedia

IP fragmentation attack: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
m External links: use wikipedia RFC links
Changed link from Intrusion Prevention System to what it redirects to, Intrusion Detection System
Line 158:
== Fragmentation for evasion ==
 
Network infrastructure equipment such as [[Router (computing)|routers]], [[Load balancing (computing)|load-balancers]], [[Firewall (computing)|firewalls]] and [[Intrusion preventiondetection system|IPSIDS]] have inconsistent visibility into fragmented packets. For example, a device may subject the initial fragment to rigorous inspection and auditing, but might allow all additional fragments to pass unchecked. Some attacks may use this fact to evade detection by placing incriminating payload data in fragments. Devices operating in [[Proxy server|"full" proxy mode]] are generally not susceptible to this subterfuge.
 
== References ==
Retrieved from "https://en.wikipedia.org/wiki/IP_fragmentation_attack"