Fragmented ACK Flood

In a fragmented ACK flood attack, large fragmented (1500+ byte) packets are sent to consume large amounts of bandwidth while generating a relatively small packet rate. Because the protocols allow for fragmentation, these packets usually pass through border routers, firewalls and IDS/IPS devices uninspected, or they cause those devices to consume excessive resources attempting to reassemble and inspect the fragmented packets. The packet contents can be randomized, irrelevant data that consumes resources. However, this method can also be used as an Advanced Evasion Technique designed to bypass deep packet inspection devices altogether. The attacker’s goal can be to consume all bandwidth of the victim’s network, or to use fragmentation to hide insidious low-and-slow application-layer DDoS attacks, malware, overflows, brute-force attempts, etc.
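A defender-side illustration of the traffic profile described above, added here as an example and not part of the original article: it parses raw IPv4 headers, counts fragments and ACK-only first fragments per destination, and flags destinations where fragmented traffic dominates and exceeds a bandwidth threshold. The function names, the thresholds (`min_frag_ratio`, `min_bps`) and the sample headers are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Return (dst, total_len, is_fragment, ack_only) or None if not valid IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    offset = (flags_frag & 0x1FFF) * 8                     # fragment offset in bytes
    is_fragment = bool(flags_frag & 0x2000) or offset > 0  # MF set, or a later fragment
    ack_only = False
    # The TCP header is present only in the first fragment (offset 0).
    if ihl >= 20 and pkt[9] == 6 and offset == 0 and len(pkt) >= ihl + 14:
        ack_only = (pkt[ihl + 13] & 0x3F) == 0x10  # ACK set, no SYN/FIN/RST/PSH/URG
    return ".".join(map(str, pkt[16:20])), total_len, is_fragment, ack_only

def flag_fragmented_ack_flood(packets, window_s, min_frag_ratio=0.8, min_bps=1_000_000):
    """Return {dst: stats} for destinations whose traffic is mostly fragments,
    includes ACK-only first fragments, and exceeds min_bps in the window."""
    stats = defaultdict(lambda: {"pkts": 0, "frags": 0, "bytes": 0, "ack_first": 0})
    for raw in packets:
        parsed = parse_ipv4(raw)
        if parsed is None:
            continue                      # not IPv4 or truncated: ignore
        dst, total_len, is_frag, ack_only = parsed
        s = stats[dst]
        s["pkts"] += 1
        s["bytes"] += total_len           # length claimed by the IP header
        s["frags"] += is_frag
        s["ack_first"] += is_frag and ack_only
    alerts = {}
    for dst, s in stats.items():
        bps = s["bytes"] * 8 / window_s
        if s["frags"] / s["pkts"] >= min_frag_ratio and s["ack_first"] and bps >= min_bps:
            alerts[dst] = {**s, "bps": bps, "avg_len": s["bytes"] / s["pkts"]}
    return alerts

def sample_header(dst, total_len, mf, offset_bytes, tcp_flags):
    """Constructed test input: IPv4 header plus a 20-byte TCP header, payload omitted."""
    frag = (0x2000 if mf else 0) | (offset_bytes // 8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, frag, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, tcp_flags, 1024, 0, 0)
    return ip + tcp
```

The thresholds need tuning against a baseline of the protected link, since some legitimate traffic is fragmented.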
