IP Fragmentation Attack

IP fragmentation attacks occur when attackers create excessively fragmented dummy IP packets using various methods, to cause servers to be overwhelmed with the reassembly of these dummy packets, causing service outages. Reassembly of fragments can be both memory and CPU intensive, making fragmentation a convenient attack vector for DoS attacks.

In order to mitigate against such attacks, network devices such as routers are configured to detect these fragments and deny them.

To avoid buffer overflow and control memory use, configure a maximum threshold for the number of IP datagrams that are being reassembled and the number of fragments per datagram. You can use the ip virtual-reassembly command or the ip virtual-reassembly-out command to specify these parameters.

For more information on IP fragmentation in general, take a look at IP Fragmentation - effects on network traffic.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_frre/configuration/xe-3s/frre-xe-3s-book/virt-frag-reassembly.html#GUID-6183DC64-2560-429B-AF47-101A596DDBB5