Chapter 3. Fragmentation

Fragmentation

At different times, attackers use fragmentation both to mask and facilitate their probes and exploits. Some intrusion-detection systems and packet-filtering devices do not support packet reassembly or perform it correctly and therefore do not detect or block activity where the signature is split over multiple datagrams. Availability or denial-of-service attacks use highly fragmented traffic to exhaust system resources. These are some of the reasons you might want to learn about fragmentation and some of the topics covered in this chapter.

By understanding how this facet of IP works, you will be equipped to detect and analyze ...

Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.