
Tiny Fragment Attack

noun · id 4446 · updated May 9, 2026
candidate

With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. STD 5, RFC 791 states: "Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets."
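The minimum-fragment-size enforcement the definition refers to can be sketched as a filter-side check. This is an added example, not part of the glossary entry or the SANS text; the function names are hypothetical, the 20-octet threshold is assumed as the size of a TCP header without options, and the sample packets used with it are constructed.

```python
import struct

TCP = 6
TCP_MIN_HEADER = 20  # assumption: TCP header without options, in octets


def classify_fragment(packet: bytes) -> str:
    """Return 'pass' or a 'drop: ...' reason for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not a well-formed IPv4 header"
    ihl = (packet[0] & 0x0F) * 4                 # IP header length, 20..60 octets
    (total_len,) = struct.unpack("!H", packet[2:4])
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    offset = (flags_frag & 0x1FFF) * 8           # fragment offset in octets
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop: inconsistent lengths"
    if packet[9] != TCP:
        return "pass"                            # this check only covers TCP
    payload_len = total_len - ihl
    if offset == 0 and payload_len < TCP_MIN_HEADER:
        # Header fields the filter rules match on would arrive in a
        # later fragment, so the rules cannot be evaluated here.
        return "drop: first fragment too small to hold the TCP header"
    if 0 < offset < TCP_MIN_HEADER:
        # A later fragment that starts inside the TCP header region.
        return "drop: non-first fragment starts inside the TCP header"
    return "pass"


def build_ipv4(payload: bytes, offset_units: int = 0, mf: bool = False,
               proto: int = TCP) -> bytes:
    """Build a constructed test packet (checksum left at 0, not validated)."""
    flags_frag = (0x2000 if mf else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload


if __name__ == "__main__":
    samples = {
        "8-octet first fragment": build_ipv4(b"\x00" * 8, mf=True),
        "full TCP header": build_ipv4(b"\x00" * 20),
        "fragment at offset 8": build_ipv4(b"\x00" * 12, offset_units=1),
    }
    for name, pkt in samples.items():
        print(f"{name}: {classify_fragment(pkt)}")
```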

MWE

Classifications

Entity Type

Threat · 92% · llm-generated · llm:claude-haiku-4-5

Sensitivity

unclassified

Information Class

unclassified

Variants

plural: Tiny Fragment Attacks
possessive: Tiny Fragment Attack's
plural possessive: Tiny Fragment Attacks'

Framework definitions

SANS Glossary of Security Terms (1 sense)
§1
With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. STD 5, RFC 791 states: "Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets."
