Conditions préalables
This type of an attack requires the attacker to be able to generate fragmented IP traffic containing crafted data.
Atténuations
This attack may be mitigated by changing default cache sizes to be larger at the OS level. Additionally rules can be enforced to prune the cache with shorter timeouts for packet reassembly as the cache nears capacity.
Faiblesses connexes
CWE-ID |
Nom de la faiblesse |
|
Allocation of Resources Without Limits or Throttling The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. |
|
Improper Resource Shutdown or Release The product does not release or incorrectly releases a resource before it is made available for re-use. |
Références
REF-424
Fragmentation Considered Vulnerable
Yossi Gilad, Amir Herzberg.
http://u.cs.biu.ac.il/~herzbea/security/12-03%20fragmentation.pdf
Soumission
Nom |
Organisation |
Date |
Date de publication |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Nom |
Organisation |
Date |
Commentaire |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |