Fragmentation

Question 1

When does Fragmentation occur

Answer 1

When mtu is smaller than datagram

ex. dg=2024 bytes mtu=512 bytes

Question 2

What number do all fragments have to have that are the same

Answer 2

Fragment ID number

Question 3

Fragment ID number is created how?

Answer 3

Taken from IP ID number from original unfragmented datagram

Question 4

What is an offset

Answer 4

the offset / position in bytes within the original datagram

Question 5

What is Ethernet mtu

Answer 5

1500 bytes
20 bytes for IP header
1480 for rest of data/headers

Question 6

In tcpdump the + sign indicates what?

Answer 6

more fragments coming

Question 7

What is minimum supported mtu in IPv6

Answer 7

1280 bytes

Question 8

Which attack sent fragmented ICMP packets for DOS

Answer 8

Ping of death

Question 9

Ping Of Death How does it work

Answer 9

• Very large datagram > 65,535 bytes crafted using fragments
• Victim reassembled and max datagram 65,535 would be exceeded
• Host crashes

Question 10

How does Teardrop attack work

Answer 10

Fragment overlap
1st packet length 36 and offset 0
2nd packet length 24 and offset 8
system hangs on reassembly

Question 11

How does OpenBSD IPv6 mbufs buffer overflow work

Answer 11

set first frag offset to zero with no payload

set second frag offset to 0 with large payload and inject code for bof