At different times, attackers use fragmentation both to mask and facilitate their probes and exploits. Some intrusion-detection systems and packet-filtering devices do not support packet reassembly or perform it correctly and therefore do not detect or block activity where the signature is split over multiple datagrams. Availability or denial-of-service attacks use highly fragmented traffic to exhaust system resources. These are some of the reasons you might want to learn about fragmentation and some of the topics covered in this chapter.

By understanding how this facet of IP works, you will be equipped to detect and analyze ...