IP Fragments Problem -not all IP fragments contains tcP header Good news P fragment is rare in practice Solution All IP fragments redirect to slow path 16
16 IP Fragments Problem -Not all IP fragments contains TCP header Good news -IP fragment is rare in practice Solution -All IP fragments redirect to slow path
Types of Evasion Attack Misordered Fragments Interspersed chaff Overlapping Fragments Combine with IP fragmentation 17
17 Types of Evasion Attack • Misordered Fragments • Interspersed Chaff • Overlapping Fragments - Combine with IP fragmentation
Example- Misordered Fragments SEQ=13,Data=“ACK” SEQ=10.Data=“ATT Arrival sequence Characteristics Out-of-Order segments Segments contains portion of the signature 18
18 Example – Misordered Fragments • Characteristics – Out-of-Order segments – Segments contains portion of the signature SEQ=13, Data=“ACK” SEQ=10, Data=“ATT” Arrival sequence
EXample -Interspersed Chaff SEQ=10. TTL=10. Data="ATT SEQ=13,TTL=1,Daa=JKL…·SEQ=13,TTL=10,Data=“ACK Arrival sequence Characteristics Noise or"Chaff segments Some segments with small TTL 19
19 Example – Interspersed Chaff • Characteristics – “Noise” or “Chaff” segments – Some segments with small TTL SEQ=10, TTL=10, Data=“ATT” SEQ=13, TTL=1, Data=“JKL” SEQ=13, TTL=10, Data=“ACK” Arrival sequence …