CAPEC-495: UDP Fragmentation

An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.

Not rated

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

CAPEC-495: UDP Fragmentation

Overview

What the attacker needs

Prerequisites

How to mitigate it

Frequently asked questions

What is CAPEC-495?

How do you prevent CAPEC-495?

What weaknesses does CAPEC-495 target?

References

Defend against CAPEC-495