Tiny Fragment Attack

A tiny fragment attack abuses IP fragmentation, the process of breaking a single Internet Protocol (IP) datagram into several smaller packets. Every network link has a characteristic maximum size of message it can carry, called the maximum transmission unit (MTU), and a datagram larger than the MTU of the next link is split into fragments. Only the first fragment (fragment offset 0) carries the transport-layer header; later fragments carry just the remaining payload. In the attack, the first fragment is made deliberately small, so that some of the TCP header fields (typically the flags byte, which sits at offset 13 of the TCP header) are forced into the second fragment. A packet filter whose rules match on those fields cannot find them in the first fragment, and has nothing to match on in the second, so if the filter does not enforce a minimum first-fragment size, a packet the policy should block can be passed simply because no rule matched it.

STD 5, RFC 791 states that "Every Internet module must be able to forward a datagram of 68 octets without further fragmentation." This is because an Internet header may be up to 60 octets and the minimum fragment is 8 octets, which is also why an attacker can legitimately send a first fragment carrying only 8 octets of TCP header. RFC 1858 describes the standard countermeasures: drop any first fragment of a TCP segment whose transport payload is shorter than a minimum length that covers the fields filtered on, and drop any fragment with fragment offset 1 (8 octets), since such a fragment can only exist to complete or overwrite a tiny first fragment. Tiny fragment attacks are one of several IP fragmentation exploits that use the fragmentation mechanism within IP as an attack vector.
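The following is an added worked example, not code from the original page: it hand-builds an IPv4/TCP SYN to port 23, fragments it so that only 8 octets of the TCP header land in the first fragment, and runs both fragments through a naive "block inbound telnet SYNs" filter and through the same filter with the two RFC 1858 checks in front of it. The packets are constructed test data (IP and TCP checksums are left as zero), and the minimum first-fragment length of 16 octets is an assumed value chosen so that the flags byte is always visible.

```python
"""Tiny fragment attack and the RFC 1858 countermeasures (added example, constructed data)."""
import struct

IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10
IP_MF = 0x2000                 # "more fragments" bit in the flags/fragment-offset field
FRAG_UNIT = 8                  # fragment offsets are counted in 8-octet units

# Assumed minimum: 16 octets of TCP header covers ports, seq, ack and the flags byte (offset 13).
TCP_MIN_FIRST_FRAGMENT = 16


def ipv4_header(payload_len, proto, ident, more_frags, frag_offset_octets,
                src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Minimal 20-octet IPv4 header with no options; checksum left as 0 (test data)."""
    flags_frag = (IP_MF if more_frags else 0) | (frag_offset_octets // FRAG_UNIT)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, proto, 0, src, dst)


def tcp_header(sport, dport, flags):
    """20-octet TCP header with no options; checksum left as 0 (test data)."""
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 8192, 0, 0)


def parse_ipv4(pkt):
    """Decode the fields a fragment-aware filter needs; frag_offset is returned in octets."""
    (vihl, _tos, total_len, ident, flags_frag, _ttl, proto,
     _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {
        "proto": proto,
        "ident": ident,
        "more_frags": bool(flags_frag & IP_MF),
        "frag_offset": (flags_frag & 0x1FFF) * FRAG_UNIT,
        "payload": pkt[ihl:total_len],
    }


def naive_filter(pkt):
    """Policy: drop inbound connection attempts (SYN without ACK) to TCP port 23.

    Inspects only fragments that carry a TCP header and passes anything it cannot
    classify, which is exactly the behaviour a tiny first fragment exploits."""
    h = parse_ipv4(pkt)
    if h["proto"] != IPPROTO_TCP or h["frag_offset"] != 0:
        return "pass"                 # non-first fragment: no transport header to inspect
    tcp = h["payload"]
    if len(tcp) < 14:
        return "pass"                 # flags byte is absent, so the rule cannot match
    dport = struct.unpack("!H", tcp[2:4])[0]
    flags = tcp[13] & 0x3F
    if dport == 23 and (flags & TCP_SYN) and not (flags & TCP_ACK):
        return "drop"
    return "pass"


def hardened_filter(pkt):
    """Same policy, with the RFC 1858 direct and indirect checks applied first."""
    h = parse_ipv4(pkt)
    if h["proto"] == IPPROTO_TCP:
        # direct method: a first fragment too short to expose the fields we filter on
        if h["frag_offset"] == 0 and len(h["payload"]) < TCP_MIN_FIRST_FRAGMENT:
            return "drop"
        # indirect method: offset 1 (8 octets) can only follow a tiny first fragment
        if h["frag_offset"] == FRAG_UNIT:
            return "drop"
    return naive_filter(pkt)


def build_samples():
    """Constructed packets: an unfragmented SYN, the same SYN split as a tiny fragment
    attack, and an ordinary fragmented segment to port 80 that must still pass."""
    syn = tcp_header(40000, 23, TCP_SYN)
    whole = ipv4_header(len(syn), IPPROTO_TCP, 7, False, 0) + syn
    # attack: 8 octets (ports + sequence number) in the first fragment, flags in the second
    attack_first = ipv4_header(8, IPPROTO_TCP, 8, True, 0) + syn[:8]
    attack_second = ipv4_header(len(syn) - 8, IPPROTO_TCP, 8, False, 8) + syn[8:]
    # legitimate: 24 octets in the first fragment, remainder at offset 24
    seg = tcp_header(40001, 80, TCP_ACK) + b"GET / HTTP/1.0\r\n\r\n"
    legit_first = ipv4_header(24, IPPROTO_TCP, 9, True, 0) + seg[:24]
    legit_second = ipv4_header(len(seg) - 24, IPPROTO_TCP, 9, False, 24) + seg[24:]
    return {"whole": whole, "attack_first": attack_first, "attack_second": attack_second,
            "legit_first": legit_first, "legit_second": legit_second}


if __name__ == "__main__":
    for name, pkt in build_samples().items():
        print(f"{name:14s} naive={naive_filter(pkt):4s} hardened={hardened_filter(pkt)}")
```

The naive filter drops the unfragmented SYN but passes both attack fragments, because the first one has no flags byte to test and the second has no TCP header at all. The hardened filter drops the attack's first fragment for being shorter than the minimum and its second fragment for sitting at offset 1, while the legitimately fragmented request to port 80 passes both filters unchanged.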