MoinQ:

Describe DNS/FCP/IPv4 here.

https://en.wikipedia.org/wiki/IPv4#Fragmentation_and_reassembly

IP DATAGRAM REASSEMBLY ALGORITHMS

https://tools.ietf.org/html/rfc815

Reassembly

A receiver knows that a packet is a fragment if at least one of the following conditions is true:

The receiver identifies matching fragments using the foreign and local address, the protocol ID, and the identification field. The receiver reassembles the data from fragments with the same ID using both the fragment offset and the more fragments flag. When the receiver receives the last fragment (which has the "more fragments" flag set to 0), it can calculate the length of the original data payload, by multiplying the last fragment's offset by eight, and adding the last fragment's data size. In the example above, this calculation was 495*8 + 540 = 4500 bytes.

When the receiver has all fragments, they can be correctly ordered by using the offsets, and reassembled to yield the original data segment.
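The following is an added example, not code from the original page or from RFC 815: a minimal receiver-side reassembler that matches fragments on (source, destination, protocol, identification) and derives the total length from the last fragment as described above. The class name, `MAX_PENDING`, `TIMEOUT_S` and the drop-on-overlap policy are assumptions chosen for illustration; the cap and timer keep datagrams that never complete from holding buffer space indefinitely.

```python
import time
from collections import OrderedDict

MAX_PENDING = 64      # assumed cap on incomplete datagrams (not from the page)
TIMEOUT_S = 30.0      # assumed reassembly timer (not from the page)
MAX_DATAGRAM = 65535  # upper bound from the 16-bit IPv4 total length field

class Reassembler:
    def __init__(self, clock=time.monotonic):
        self.pending = OrderedDict()  # key -> state, oldest first
        self.clock = clock

    def add(self, src, dst, proto, ident, offset_units, more_frags, data):
        """Feed one fragment; return the reassembled payload or None."""
        now = self.clock()
        # Expire datagrams that stayed incomplete past the timer.
        for k in [k for k, s in self.pending.items() if now - s["t0"] > TIMEOUT_S]:
            del self.pending[k]
        start = offset_units * 8          # fragment offset is in 8-byte units
        end = start + len(data)
        if end > MAX_DATAGRAM or (more_frags and len(data) % 8):
            return None  # malformed: oversize, or non-final fragment not 8-byte aligned
        key = (src, dst, proto, ident)
        st = self.pending.get(key)
        if st is None:
            if len(self.pending) >= MAX_PENDING:
                self.pending.popitem(last=False)  # evict oldest incomplete datagram
            st = self.pending[key] = {"t0": now, "parts": {}, "total": None}
        st["parts"].setdefault(start, data)  # first copy wins; duplicates ignored
        if not more_frags:
            st["total"] = end  # last offset * 8 + last fragment's data size
        if st["total"] is None:
            return None
        # Walk offsets in order; a gap or overlap means the datagram is not
        # complete (overlapping sets never complete and simply time out).
        pos, out = 0, bytearray()
        for off in sorted(st["parts"]):
            if off != pos:
                return None
            out += st["parts"][off]
            pos += len(st["parts"][off])
        if pos != st["total"]:
            return None
        del self.pending[key]
        return bytes(out)
```
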

1. Attack

IP fragmentation buffer full

https://tools.ietf.org/html/rfc1858


http://www.digital.net/~gandalf/Rose_Frag_Attack_Explained.htm

Rose Fragmentation Attack

The first attack is fairly simple. Send the first few bytes of a fragmented packet at offset 0 (More Fragments Bit = 1) and then send a few bytes at the end of a 64k sized packet (More Fragments Bit = 0). The placement of the last fragment does not have to be at 64k; this is just an attempt to use more memory.