Dark Mode

Settings

Capec-495 Detail

UDP Fragmentation

Standard Communications Software

Parents: 130

Threats: T61 T64 T74 T77 T264 T265 T269 T282 T289 T308 T309 T374 T401

Description

An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.

Not present

External ID Source Link Description
CAPEC-495 capec https://capec.mitre.org/data/definitions/495.html
CWE-770 cwe http://cwe.mitre.org/data/definitions/770.html
CWE-404 cwe http://cwe.mitre.org/data/definitions/404.html
REF-424 reference_from_CAPEC http://u.cs.biu.ac.il/~herzbea/security/12-03%20fragmentation.pdf Yossi Gilad, Amir Herzberg, Fragmentation Considered Vulnerable, 2012

Not present

  1. This type of an attack requires the attacker to be able to generate fragmented IP traffic containing crafted data.

Not present

Not present

Not present

Not present

We use cookies to ensure you get the best experience on our website.