What is an IP Fragmentation Attack? Types & Prevention

Have you ever had trouble accessing a website? Amongst a few possible causes, one reason could be a cyberattack. Hackers are known to have an arsenal of tools to intercept and disrupt communication, and one particular way is by interfering with how an IP transfers information to the end user.

IP Fragmentation Attacks aren’t anything new. Internet Service Providers and webmasters alike have been coming up with ways to prevent it, but many hackers still resort to such means to interfere with a safe browsing experience. 

In order to understand what an IP Fragmentation Attack is and how it happens, we have to understand a few different concepts. Read on to learn how to protect yourself from becoming a victim of cybercrime. 

What is packet switching?

Since data is sent in IP packets, and such packets are of a specific size.  Patching switching can occur on connection-based means and connectionless platforms alike. 

A connection-based packet switching means that data is delivered and received in a specific order, which allows for a pathway for communication to be established prior to any transfer of data.

Connectionless packet switching, on the other hand, is when every packet is delivered independently instead of in a particular order. Consider it like sending items randomly, instead of in a queue. 

These out-of-queue packets are called datagrams and can travel in all sorts of undetermined, random orders. Since this form is much less structured than that of a connection-based method, datagrams can be used to attack or target servers. 

What is fragmentation?

Diving a datagram into smaller pieces of information packets is IP fragmentation. In order for a successful transfer and procession, these are usually of a very specific size. Before the receiver can look into the data they received, they must re-assemble the packets into order so that the information makes sense. If a datagram is too big to properly process or arrange, the user can re-fragment the packet for their own convenience. 

What is an IP fragmentation attack?

An IP fragmentation attack is a Denial of Service (DoS) attack that uses IP fragmentation to disrupt how the datagrams are being fragmented. This is to distrupt the running of web services, disable websites, or overload the network to make it inaccessible to users and visitors alike. 

The end goal is to stop a server from functioning how it is meant to and to stop traffic from ever reaching the website. There are many different forms of such attacks, but they most typically involve disrupting the flow of datagrams and rearranging them to make them near impossible to reassemble for actual use.

Types of an IP Fragmentation Attack

The general basis of all IP fragmentation attacks is to deactivate, block, and disrupt the working of servers and services. They are able to do this by changing, corrupting, adding, or re-arranging datagrams to inhibit the proper reconstruction, which means that the user, upon reception, will not be able to assemble the datagrams.

1. Tiny fragment attack:

Each IP packet has a payload and a header- the payload carries data towards the header, and the header directs the packet towards the destination. Much like the name, this attack consists of a tiny packet fragment entering the server. Since it is so small, it causes problems in reassembly as it does not fit in with the rest of the headers, which can cause server unavailability.

2. UDP and ICMP fragmentation attacks:

Here, fraudulent or corrupted UDP or ICMP packets are transferred which are larger than the MCU of the network. These packets are fake and cause troubles in reassembly, which causes networks and servers to become unavailable or shut down. 

3. TCP fragmentation attacks (Teardrop attacks):

These attacks are focused on the reassembly process of TCP/IP by preventing them from reassembling the received fragmented data packets. Since the IP packets end up overlapping, the servers become overloaded and end up failing. These types of attacks are known as Teardrop attacks and were popular in the Windows OS series.

How does an IP fragmentation attack work?

The basics are that it involves sending datagrams with the goal of interrupting reassembly. This can be achieved by sending datagrams that are too small, too large, or that are focused on overlapping with pre-existing datagrams to overwhelm the server. An IP fragmentation attack uses IP fragments to disable services, servers, and even devices upon the reception of data packets. 

The fraudulent packets are delivered to the victim, and when the victim sets out to reassemble the packets, their system, server, or device becomes overloaded past the size limit and ends up shutting down.

How to protect yourself from IP fragmentation attacks

You can lower the possibility of becoming a cyber victim of such attacks by using one or more of these methods:

1. Scan the incoming traffic of packets through a proxy server, firewalls, a detection system, or even a specially configured router
2. Keep all of your devices and software up to date, especially security patches and operating software updates,
3. Disable connectivity to any device or person that sends fragmented packets. Practise discretion with this as some connections (e.g. cellular networks) can send harmless, benign fragment packets that are essential to their traffic. 

It’s best to use a few different approaches at the same time. Our recommendation is to defend your network connection first by using a VPN service provider like AstrillVPN. AstrillVPN has military-grade encryption that keeps your data private and secure, offering unparalleled protection and connectivity.  

How common is IP fragmentation?

IP fragmentation has been around for many years, and it is still considerably widespread. IP packets are globally broken into multiple packets for easy transferring of data and convenience of use. These packets are sent through various network layers and are then reassembled on a near daily basis, even as a part of routine, ordinary transfers. 

Because of this, it’s important to put your security first by making sure that you are aware and keeping yourself safe from any cyberattacks. 

Conclusion

IIP fragmentation is the basis of how IP protocol works; it is essential and necessary to understand the pros and cons of the IP protocols you are using. However, hackers have found multiple ways to intercept connections and exploit the mechanism for nefarious attacks and schemes. Always practice caution and invest in a good protection system, like AstrillVPN, to prevent such attacks from reaching your connection.