0

The IP fragmentation offset has length 13 bits. Max offset is 2^13-1 = 8191.

I want to ask if the following packet sequence can create a total IP packet exceeding its max length, then under what circumstances will a packet need to contain the max offset ?

Assuming MTU 1500 bytes.

  • 44 packets of length 1480
  • packet of length 400 (offset 8140)
  • packet of length 400 (offset 8190)

Total IP packet size above = 20 + 1480 * 44 + 400 + 400 = 65940

Jake
  • 145
  • 8
  • That is a very old exploit that took advantage of poorly implemented IP stacks, but modern IP stacks should be immune to that now. Basically, fragmentation has been deprecated, and most routers and firewall at sites will drop packet fragments in order to prevent fragmentation attacks. – Ron Maupin Feb 02 '20 at 21:18
  • So that means there is no circumstance today when one will see a IP packet with a maximum fragmentation offset ? – Jake Feb 02 '20 at 21:20
  • 2
    I did not say that, but the buffer restriction that allowed overflows on what you propose has been eliminated. Most (smart) businesses will not allow packet fragments to enter their networks, and we now have PMTUD that really eliminates the need to fragment packets. In fact, IPv6 does not even allow routers to fragment packets in the path. Fragmentation is basically obsolete, although you may still use it inside your business. – Ron Maupin Feb 02 '20 at 21:22

0 Answers0