What is an IP/ICMP Fragmentation DDoS Attack?
An Internet Protocol (IP)/Internet Control Message Protocol (ICMP) fragmentation DDoS attack is a common form of volumetric denial of service (DoS) attack. In such an attack, the normal datagram fragmentation and reassembly mechanism is abused to overwhelm the target host or the network devices in front of it.
IP fragmentation is a normal part of IP communication: when a datagram is larger than a link can carry, it is broken into smaller fragments, each transmitted as its own IP packet, and reassembled into the original datagram by the receiving host. The size limit that forces this is the link's maximum transmission unit (MTU); on standard Ethernet it is 1500 bytes.
When a datagram exceeds the MTU, the sender (or, for IPv4 without the Don't Fragment flag set, a router along the path) slices it into fragments. Only the first fragment, the one with fragment offset 0, carries the beginning of the datagram's payload and therefore the transport-layer header: the TCP or UDP source and destination ports, or the ICMP type and code. This is the initial fragment.
The remaining fragments are “naked” in the sense that each consists of an IP header plus a slice of the payload. The IP header still carries the Protocol field, the Identification value, the More Fragments flag and the fragment offset, but there is no transport header, so ports cannot be read from a non-initial fragment, and the datagram's total size is only known once the final fragment (the one with More Fragments cleared) arrives. A firewall that filters on ports therefore cannot classify a non-initial fragment on its own; it must either reassemble the datagram or apply a default policy to such fragments.
Attackers use IP fragmentation against end hosts and against security components such as firewalls and intrusion detection systems, which must reassemble traffic before they can inspect it. A typical ICMP-based fragmentation attack floods the target with fragment sets that can never be completed, for example by never sending the initial or the final fragment. The receiver cannot discard a partial set immediately, because the missing fragment might still arrive, so the fragments sit in the reassembly buffer until a timer expires (on Linux, net.ipv4.ipfrag_time, 30 seconds by default). Memory is thus held far longer than the packets took to arrive; an unbounded buffer can be exhausted outright, and a bounded one (such as Linux's net.ipv4.ipfrag_high_thresh limit) starts dropping fragments, which denies service to legitimate fragmented traffic as well.
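The following is an added example, not code from the original page. It builds IPv4 fragments for a constructed UDP datagram the way RFC 791 describes (offsets in 8-byte units, the More Fragments flag, a shared Identification), shows that ports are only recoverable from the initial fragment, and then runs a toy reassembly buffer with a timeout to show why incomplete fragment sets consume memory until they expire. The header builder, the `ReassemblyBuffer` class and the 30-second timeout are assumptions for illustration; the checksum is left zero because nothing is put on the wire.

```python
import struct

FRAG_UNIT = 8  # RFC 791: fragment offsets are counted in 8-byte units
IP_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def ip_header(total_len, ident, mf, offset_units, proto, src, dst):
    """Build a minimal IPv4 header. Checksum is 0: this example never transmits."""
    flags_frag = (mf << 13) | offset_units
    return struct.pack(IP_HDR, (4 << 4) | 5, 0, total_len, ident,
                       flags_frag, 64, proto, 0, src, dst)


def fragment(ident, proto, src, dst, payload, mtu):
    """Split one datagram payload into fragments that fit the link MTU.
    Every fragment except the last carries a multiple of 8 payload bytes."""
    max_data = ((mtu - 20) // FRAG_UNIT) * FRAG_UNIT
    frags, off = [], 0
    while off < len(payload):
        chunk = payload[off:off + max_data]
        mf = 1 if off + len(chunk) < len(payload) else 0
        hdr = ip_header(20 + len(chunk), ident, mf, off // FRAG_UNIT, proto, src, dst)
        frags.append(hdr + chunk)
        off += len(chunk)
    return frags


def parse(frag):
    """Return (src, dst, ident, mf, offset_bytes, proto, data) for one fragment."""
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = \
        struct.unpack(IP_HDR, frag[:20])
    ihl = (ver_ihl & 0xF) * 4
    return (src, dst, ident, (flags_frag >> 13) & 1,
            (flags_frag & 0x1FFF) * FRAG_UNIT, proto, frag[ihl:total_len])


def transport_ports(frag):
    """Ports live in the UDP/TCP header at the start of the datagram payload,
    so only the initial fragment (offset 0) can yield them."""
    _, _, _, _, offset, proto, data = parse(frag)
    if offset != 0 or proto not in (6, 17) or len(data) < 4:
        return None
    return struct.unpack("!HH", data[:4])


class ReassemblyBuffer:
    """Toy per-(src, dst, ident, proto) fragment cache with a timeout,
    mimicking a host's reassembly queue (hypothetical, for illustration)."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.queues = {}  # key -> {"frags": {offset: data}, "total": int|None, "first": t}

    def bytes_held(self):
        return sum(len(d) for q in self.queues.values() for d in q["frags"].values())

    def expire(self, now):
        stale = [k for k, q in self.queues.items() if now - q["first"] > self.timeout]
        for k in stale:
            del self.queues[k]

    def add(self, frag, now):
        """Store a fragment; return the reassembled payload once the set is complete."""
        src, dst, ident, mf, offset, proto, data = parse(frag)
        self.expire(now)
        q = self.queues.setdefault((src, dst, ident, proto),
                                   {"frags": {}, "total": None, "first": now})
        q["frags"][offset] = data
        if mf == 0:
            q["total"] = offset + len(data)  # final fragment tells us the full size
        if q["total"] is None:
            return None
        pos = 0
        for off in sorted(q["frags"]):  # require a contiguous run up to total
            if off != pos:
                return None
            pos += len(q["frags"][off])
        if pos != q["total"]:
            return None
        del self.queues[(src, dst, ident, proto)]
        return b"".join(q["frags"][o] for o in sorted(q["frags"]))


def simulate_attack(n_datagrams, frag_payload=1480, timeout=30.0):
    """Send only a middle fragment (MF=1, offset 8) for each of n datagram IDs.
    Returns (bytes held right after the flood, bytes held after the timer expires)."""
    buf = ReassemblyBuffer(timeout=timeout)
    src, dst = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"  # constructed addresses
    for ident in range(n_datagrams):
        frag = ip_header(20 + frag_payload, ident, 1, 1, 1, src, dst) + b"A" * frag_payload
        buf.add(frag, now=0.0)
    held = buf.bytes_held()
    buf.expire(now=timeout + 1)
    return held, buf.bytes_held()
```

A 3000-byte UDP datagram at MTU 1500 yields three fragments; only the first returns ports, and the buffer only hands back the payload when all three have arrived, in any order. In `simulate_attack`, a thousand orphaned 1480-byte fragments pin 1.48 MB until the timer fires, which is the memory cost the attack scales up; a real host bounds this cache and starts discarding fragments when the bound is hit.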