IP fragmentation attack: Difference between revisions

'''IP fragmentation attacks''' isare thea processkind of breaking[[cyberattack|computer upsecurity aattack]] singlebased on how the [[Internet Protocol]] (IP) requires data to be transmitted and processed. Specifically, it invokes [[IP fragmentation]], a process used to partition messages (the [[service data unit]] (SDU); typically a [[network packet|packet]]) intofrom multipleone packetslayer of a network into multiple smaller size[[payload (computing)|payload]]s that can fit within the lower layer's [[protocol data unit]] (PDU). Every network link has a characteristicmaximum size of [[Datadata frame|messages]] that may be transmitted, called the [[maximum transmission unit]] (MTU). If the SDU plus metadata added at the link layer exceeds the MTU, the SDU must be fragmented. IP fragmentation attacks exploit this process as an [[attack vector]].

Part of the [[Internet protocol suite|TCP/IP suite]] is the Internet Protocol (IP) which resides at the [[Internet Layer]] of this model. IP is responsible for the transmission of packets between network end points. IP includes some features which provide basic measures of fault-tolerance (time to live, checksum), traffic prioritization (type of service) and support for the fragmentation of larger packets into multiple smaller packets (ID field, fragment offset). The support for fragmentation of larger packets provides a protocol allowing routers to fragment a packet into smaller packets when the original packet is too large for the supporting datalink frames. IP fragmentation exploits (attacks) use the fragmentation protocol within IP as an attack vector.