RFC 1858: Security Considerations for IP Fragment F...
RFC-Ref

IP



... subtle aspects of the Internet Protocol; fragmentation of IP packets, an important feature in heterogeneous internetworks, poses several potential problems which we explore here. ...


... Filtering IP Fragments ...
... IP packet filters on routers are designed with a user interface ...
... packet fragmentation from the administrator; conceptually, an IP filter is applied to each IP packet as a complete entity ...
... indexed by the source address, destination address, protocol, and IP ID. When the initial (FO==0) fragment ...


... With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment ...
... fragment contains at least 8 octets of data beyond the IP header because important transport header information ...
... [Diagram: IP HEADER of FRAGMENT 1 and of FRAGMENT 2] ...
... transport header in the original unfragmented IP packet. Note that TMIN is a function of the transport protocol ...
... fragment attacks and the test need not be applied to IP packets carrying other transport protocols. A better version of the tiny fragment ...


... RFC 791 (STD 5), the current IP protocol specification, describes a reassembly algorithm that results in new fragments ...
... fragments. Thus, fully-compliant IP implementations are not guaranteed to be immune to overlapping-fragment attacks ...
... fragments to take precedence over data from higher-offset fragments. However, not all IP implementations are based on the original BSD code, and it is likely that some of them are vulnerable. ...
... [Diagram: IP HEADER of FRAGMENT 1 and of FRAGMENT 2] ...
... By adopting a better strategy in a router's IP filtering code, one can be assured of blocking this "attack ...
... RFC 791 (STD 5) demands that an IP stack must be capable of passing an 8 byte IP data payload without further fragmentation (fragments sit on 8 byte boundaries). Since an IP header can be up to 60 bytes long (including options), this means that the minimum MTU on a link should be 68 bytes. A typical IP header is only 20 bytes long and can therefore carry 48 bytes of data. No one in the real world should EVER be generating a TCP packet with FO=1, as it would require both that a previous system fragmenting IP data down to the 8 byte minimum and a 60 byte IP header. A general algorithm ...


... security implications of filtering fragmented IP packets. ...


... Clark, D., "IP Datagram Reassembly Algorithms", RFC 815, MIT ...


