O'Reilly logo

Implementing Cisco Networking Solutions by Harpreet Singh

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Protecting from IP fragments

A common attack on the devices with a limited amount of resources is by sending a large number of fragments to the device. Recall from earlier chapters that IPv4 packets are allowed to be fragmented and the destination node reassembles the fragments to form the complete datagram and extract the payload that is then passed on to the upper layer protocol. If a large number of fragments are sent to the host, with one missing fragment from the entire set of fragments, the host would continue to store the fragments, consuming memory, and also CPU in processing these fragments, till some timers expire, and the host discards all fragments to clear memory. This can lead to a security attack on the host.

The ASA provides ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required