Digital Signal Processing


An Analysis of Packet Fragmentation Attacks vs. Snort Intrusion Detection System

Authors: Tian Fu, Te-Shun Chou

When Internet Protocol (IP) packets travel across networks, they must meet size requirements defined in the network’s Maximum Transmission Unit (MTU). If the packet is larger than the defined MTU, then it must be divided into smaller pieces, which are known as fragments. Attackers can exploit this process for their own purposes by attacking the systems. Packet fragmentation attacks have caused problems for Intrusion Detection Systems (IDSs) for years. In this paper, Snort IDS was tested. VMware virtual machines were used as both the host and victim. Other tools were also implemented in order to generate attacks against the IDS. The experiment results show the performance of Snort IDS when it was being attacked, and the ability of Snort to detect attacks in different ways.

Comments: 12 Pages.

Download: PDF

Submission history

[v1] 2012-08-19 00:09:18

Unique-IP document downloads: 4023 times is a pre-print repository rather than a journal. Articles hosted may not yet have been verified by peer-review and should be treated as preliminary. In particular, anything that appears to include financial or legal advice or proposed medical treatments should be treated with due caution. will not be responsible for any consequences of actions that result from any form of use of any documents on this website.

Add your own feedback and questions here:
You are equally welcome to be positive or negative about any paper but please be polite. If you are being critical you must mention at least one specific error, otherwise your comment will be deleted as unhelpful.

comments powered by Disqus