Question:

The tiny fragment attack is a form of firewall attack. The intruder uses the IP fragmentation option to create extremely small fragments and force the TCP header information into a separate packet fragment. This attack is designed to circumvent filtering rules that depend on TCP header information. Typically, a packet filter will make a filtering decision on the first fragment of a packet. All subsequent fragments of that packet are filtered out solely on the basis that they are part of the packet whose first fragment was rejected. The attacker hopes that the filtering firewall examines only the first fragment and that the remaining fragments are passed through.

A tiny fragment attack can be defeated by enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header. If the first fragment is rejected, the filter can remember the packet and discard all subsequent fragments. However, the nature of IP is such that fragments may arrive out of order. Thus, an intermediate fragment may pass through the filter before the initial fragment is rejected. How can this situation be handled?
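The filtering rule and the out-of-order case described in the question, as an added example that is not part of the original question or its answer. The 20-byte minimum (the fixed TCP header length), the class and function names, and the addresses are assumptions; the packets are constructed.

```python
import struct

TCP = 6
MIN_TRANSPORT = 20  # assumption: require the full fixed TCP header in a first fragment


class FragmentFilter:
    """Stateful filter: drop tiny first fragments and remember the rejected packet."""

    def __init__(self, min_transport=MIN_TRANSPORT):
        self.min_transport = min_transport
        self.rejected = set()  # (src, dst, proto, ip_id) of packets already rejected

    def check(self, pkt: bytes) -> str:
        ihl = (pkt[0] & 0x0F) * 4                       # IPv4 header length in bytes
        total_len, ip_id, flags_off = struct.unpack("!HHH", pkt[2:8])
        proto = pkt[9]
        key = (pkt[12:16], pkt[16:20], proto, ip_id)    # identifies one fragmented packet
        offset = flags_off & 0x1FFF                     # fragment offset, 8-byte units
        more = bool(flags_off & 0x2000)                 # More Fragments flag
        if key in self.rejected:
            return "drop"                               # later fragment of a rejected packet
        if proto == TCP and offset == 0 and more and total_len - ihl < self.min_transport:
            self.rejected.add(key)                      # first fragment lacks the TCP header
            return "drop"
        return "pass"


def make_fragment(ip_id, offset_units, more, payload, proto=TCP):
    """Build a constructed IPv4 fragment (checksum left at 0, documentation addresses)."""
    flags_off = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                         flags_off, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload


def demo():
    tiny_first = make_fragment(0x1234, 0, True, b"\x00" * 8)   # only 8 bytes of TCP header
    rest = make_fragment(0x1234, 1, False, b"\x00" * 32)       # continues at byte 8
    in_order, out_of_order = FragmentFilter(), FragmentFilter()
    return ([in_order.check(p) for p in (tiny_first, rest)],
            [out_of_order.check(p) for p in (rest, tiny_first)])


if __name__ == "__main__":
    print(demo())
```

With in-order arrival both fragments are dropped; when the later fragment arrives first, the filter has no rejection on record yet and passes it, which is the situation the question asks about.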
Step by Step Solution
3.53 Rating (167 Votes)
There are 3 Steps involved in it
To conclude I can say that it will be impossi...
