There are various kinds of IP fragmentation attacks, and they are a fairly common form of DDoS attack. All fragmentation attacks involve breaking down datagrams to overwhelm the target network; the difference lies in how the attack vectors are executed.
A Fragmented ACK Flood is a DDoS attack, a variant of the ACK or PUSH-ACK Flood type, in which large fragmented packets (around 1500 bytes, the typical maximum transmission unit, or MTU) are sent to a victim’s server to consume the target’s network bandwidth with only a small to moderate packet rate.
If the network equipment requires application-level filters for the packets to pass through, the server has to reassemble the packets, consuming a significant amount of its resources. These are known as TCP fragmentation attacks or Teardrop attacks. The data packets overlap and rapidly overwhelm the victim’s servers.
However, if no filters are applied, these attack packets can pass through firewalls, border routers and IDS/IPS devices undetected, as these devices do not reassemble fragmented packets at the network level. These are known as UDP or ICMP fragmentation attacks. Usually the contents of the packets are simply random garbage data, there only to consume resources with the goal of overwhelming the target network’s entire bandwidth. This kind of DDoS flood attack tends to decrease the performance of all the targeted network’s servers.
Fragmented ACK Floods can be used as advanced evasion techniques designed to bypass deep packet inspection devices, whether the aim is to consume all the bandwidth of the victim’s network or to use fragmentation to launch other kinds of malicious attack, such as malware, ransomware or slow-and-low DDoS attacks.
Teardrop attacks were the result of an OS vulnerability found in older versions of Windows; it was thought that patches had put an end to these kinds of attacks, but a vulnerability resurfaced in later versions of Windows (7 and Vista), making them once again a potential type of DDoS attack. That bug was also patched, but vigilance is necessary for future iterations of Windows.
The ways to mitigate Fragmented ACK Floods or ACK/PUSH Floods are generally the same as those used to stop SYN Floods. Most mitigation techniques for fragmentation attacks aim to prevent malicious data packets from reaching their target destinations at all, for example by using a secured proxy or a router to inspect incoming packets for violations of fragmentation rules.
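As an illustration of inspecting packets for violations of fragmentation rules, the following added example (not code from the original page) parses raw IPv4 headers and flags overlapping, misaligned or oversized fragments. The function names, the sample traffic and the documentation-range addresses are assumptions constructed for the example.

```python
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def make_fragment(ident, offset, payload_len, more):
    """Build a constructed IPv4/TCP fragment in memory (checksum left at 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + payload_len, ident, flags_off,
                      64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + bytes(payload_len)

def parse_fragment(pkt):
    """Return (flow key, first byte, end byte, MF flag) for a raw IPv4 packet."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = \
        struct.unpack(IP_HDR, pkt[:20])
    start = (flags_off & 0x1FFF) * 8          # offset field counts 8-byte units
    end = start + total_len - (ver_ihl & 0x0F) * 4
    return (src, dst, proto, ident), start, end, bool(flags_off & 0x2000)

def check_fragments(packets):
    """Return (ident, reason) for every fragment that breaks a reassembly rule."""
    seen, findings = defaultdict(list), []
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start == 0 and not more:
            continue                           # unfragmented datagram
        if more and (end - start) % 8:
            findings.append((key[3], "non-final fragment length not a multiple of 8"))
        if end > 65535:
            findings.append((key[3], "payload extends past the 65535-byte datagram limit"))
        if any(start < e and s < end for s, e in seen[key]):
            findings.append((key[3], "overlaps an earlier fragment"))
        seen[key].append((start, end))
    return findings

# Constructed sample traffic: one clean datagram, one overlapping, one misaligned.
SAMPLE = [
    make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 20, False),
    make_fragment(2, 0, 1480, True), make_fragment(2, 1472, 28, False),
    make_fragment(3, 0, 1477, True),
]

if __name__ == "__main__":
    for ident, reason in check_fragments(SAMPLE):
        print(f"datagram id={ident}: {reason}")
```

A filtering device applying such checks would drop the whole datagram for a flagged identifier rather than forward its fragments for reassembly on the server.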