IP Fragment Out-of-Order Denial of Service

This strike exploits a denial of service(DoS) vulnerability in IP fragments. The vulnerability is caused by the way how out-of-order IP fragments are handled from the kernel. A remote attacker could exploit this vulnerability by keep sending large amount crafted IP segments packet to the target server. Successful exploitation is able to exhaust target server's resource and lead to denial-of-service. *Note: Although this Strike sends the appropriate packets to trigger the vulnerability, in practice, we have found that actually crashing the endpoint requires a very high frame rate, higher than the Security Engine can provide. If you would like to try this at a higher rate, simply run this Strike against your DUT as you normally would, but take the capture from the port and then create a new test using the Recreate Component. Just import the PCAP you extracted and set the options "Send without modification" and "Unlimited Bandwidth" and finally "Use User based settings