Is IP fragmentation still considered vulnerable?
4 hours ago
- #IPv4
- #Network Security
- #IPID Exploits
- IPv4 packets carry a 16-bit Identification field (IPID) used to reassemble fragments; its predictability has been exploited as a network side channel for over 25 years.
- IPID exploits include idle scans, probe comparisons, and fragment injections, leading to DNS cache poisoning and traffic hijacking.
- Different IPID selection methods (globally incrementing, per-connection, per-destination, per-bucket, PRNG) vary in correctness, security, and performance.
- Globally incrementing IPID selection, usually regarded as insecure, may be the best choice for high-traffic servers, because the large volume of unrelated traffic weakens the correlation between an observer's successive probes.
- Recommendations for IPID selection depend on traffic rates: PRNG for slow traffic, per-bucket for moderate, and globally incrementing for high-traffic servers.
- Operating systems should offer configurable IPID selection methods to fit different use cases, as no single method is universally best.
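To make the trade-off in the last three points concrete, here is an added simulation (not code from the summarised paper) that models four IPID policies and measures, for a given background traffic rate, how often an off-path observer can tell from the IPIDs in replies to its own probes whether the host sent one extra packet to an unrelated destination in between. The policy classes, the 2048-bucket count for the per-bucket policy (which omits a timer component), the binomial background model, and the observer's decision rule (it is assumed to know the host's mean background rate) are all illustrative assumptions; the measurement is what a defender would run against their own traffic profile before choosing a policy.

```python
"""Toy simulator for IPv4 IPID selection policies.

Added example (not code from the summarised paper). It measures how well an
off-path observer can tell, from the IPIDs in replies to its own probes,
whether the host sent one extra packet to an unrelated destination in between.
Models are simplified: the per-bucket policy has no timer component, and the
observer is assumed to know the host's mean background packet rate.
"""
import random
import zlib

IPID_MASK = 0xFFFF  # the Identification field is 16 bits wide


class GlobalCounter:
    """One counter shared by all destinations (the classic, leaky choice)."""
    def __init__(self):
        self.ctr = 0

    def next_id(self, dst):
        self.ctr = (self.ctr + 1) & IPID_MASK
        return self.ctr


class PerDestination:
    """Independent counter per destination address."""
    def __init__(self):
        self.ctrs = {}

    def next_id(self, dst):
        self.ctrs[dst] = (self.ctrs.get(dst, 0) + 1) & IPID_MASK
        return self.ctrs[dst]


class PerBucket:
    """Counters indexed by a salted hash of the destination (simplified model)."""
    def __init__(self, n_buckets=2048, salt=0x5EED):  # bucket count is an assumption
        self.ctrs = [0] * n_buckets
        self.salt = salt

    def next_id(self, dst):
        b = zlib.crc32(dst.encode(), self.salt) % len(self.ctrs)
        self.ctrs[b] = (self.ctrs[b] + 1) & IPID_MASK
        return self.ctrs[b]


class Prng:
    """Fresh random IPID for every packet."""
    def __init__(self, seed=42):
        self.rng = random.Random(seed)

    def next_id(self, dst):
        return self.rng.getrandbits(16)


def detection_accuracy(policy, bg_rate, trials=400, seed=7):
    """Fraction of trials in which the observer correctly decides whether the
    host sent a packet to 'target-i' between two probes. 0.5 means coin flip.
    Background packets per interval: Binomial(2*bg_rate, 1/2), mean bg_rate."""
    rng = random.Random(seed)
    correct = 0
    for i in range(trials):
        event = i % 2 == 0                      # balanced: half the trials contain the event
        a = policy.next_id("observer")          # IPID in the reply to the first probe
        for _ in range(2 * bg_rate):            # the host's unrelated traffic (constructed)
            if rng.random() < 0.5:
                policy.next_id("bg-%d" % rng.randrange(10_000))
        if event:
            policy.next_id("target-%d" % i)     # the single packet the observer wants to detect
        b = policy.next_id("observer")          # IPID in the reply to the second probe
        delta = (b - a) & IPID_MASK
        # Decision rule (assumption): one step for our own probe plus the expected background.
        guess = delta > 1 + bg_rate
        correct += guess == event
    return correct / trials


def compare(bg_rates=(0, 5, 50)):
    """Accuracy table keyed by (policy name, bg_rate); a fresh policy per cell."""
    makers = {"global": GlobalCounter, "per-destination": PerDestination,
              "per-bucket": PerBucket, "prng": Prng}
    return {(name, r): detection_accuracy(make(), r)
            for name, make in makers.items() for r in bg_rates}


if __name__ == "__main__":
    for (name, r), acc in sorted(compare().items()):
        print("%-16s bg_rate=%3d  observer accuracy=%.2f" % (name, r, acc))
```

With no background traffic the global counter leaks the extra packet perfectly (accuracy 1.0), while the per-destination, per-bucket and PRNG policies leave the observer at a coin flip. Raising the background rate pushes the global counter's accuracy down toward 0.5 as well, which is the effect the summary's high-traffic recommendation relies on; a practitioner can plug in their own rate to see where the crossover lies.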