IP Fragmentation Attack

An IP fragmentation attack is a Layer 3/4 attack vector, one of the protocol-abuse classes a thorough DDoS test is built to exercise. It sends a stream of IP fragments that the target must hold and reassemble: fragments that never complete (missing the final piece), overlap in confusing ways, or arrive faster than the reassembly buffer can clear. Each pending fragment consumes memory and CPU in the reassembly path, so even a modest packet rate can exhaust kernel resources or force the device to drop legitimate traffic.

Why it matters in DDoS testing

Fragmentation attacks target a stateful resource (the reassembly buffer) rather than raw bandwidth, so they probe a different failure mode than a volumetric flood. A test characterizes how the host, firewall, and any inline middlebox handle malformed and incomplete fragments, and whether reassembly limits or fragment-drop policies hold under sustained pressure. Because the cost lands on infrastructure state, this class belongs in the protocol-resilience portion of DDoS resilience testing rather than the bandwidth portion.
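As an added example (not part of the original page), the following sketch shows how a defender could label fragment sets from captured packet metadata as complete, incomplete, or overlapping, and total the bytes a reassembler would still be holding. The record layout, function names, and sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (src, dst, proto, ip_id, offset, length, more_fragments)
# Offsets and lengths are bytes of IP payload; addresses are documentation ranges.
SAMPLE = [
    # Complete datagram: bytes 0-1479, then 1480-1999 with MF=0
    ("192.0.2.10", "198.51.100.5", 17, 100, 0, 1480, True),
    ("192.0.2.10", "198.51.100.5", 17, 100, 1480, 520, False),
    # Incomplete: the final (MF=0) fragment never arrives
    ("192.0.2.20", "198.51.100.5", 17, 200, 0, 1480, True),
    ("192.0.2.20", "198.51.100.5", 17, 200, 1480, 1480, True),
    # Overlap: second fragment starts inside the first
    ("192.0.2.30", "198.51.100.5", 17, 300, 0, 1480, True),
    ("192.0.2.30", "198.51.100.5", 17, 300, 1000, 480, False),
]

def classify_fragments(fragments):
    """Label each datagram (keyed by src, dst, proto, ip_id) by reassembly state."""
    groups = defaultdict(list)
    for src, dst, proto, ip_id, offset, length, mf in fragments:
        groups[(src, dst, proto, ip_id)].append((offset, length, mf))

    verdicts = {}
    for key, parts in groups.items():
        parts.sort()  # process in offset order
        overlap, covered, prev_end, total = False, 0, 0, None
        for offset, length, mf in parts:
            end = offset + length
            if offset < prev_end:      # starts inside earlier data (duplicates too)
                overlap = True
            if offset <= covered:      # extends the contiguous run from byte 0
                covered = max(covered, end)
            prev_end = max(prev_end, end)
            if not mf:                 # last fragment fixes the datagram length
                total = end
        if overlap:
            verdicts[key] = "overlap"
        elif total is not None and covered >= total:
            verdicts[key] = "complete"
        else:
            verdicts[key] = "incomplete"
    return verdicts

def pending_bytes(fragments):
    """Payload bytes held for datagrams that cannot be cleanly reassembled."""
    verdicts = classify_fragments(fragments)
    return sum(f[5] for f in fragments if verdicts[f[:4]] != "complete")
```

Tracking `pending_bytes` over time against the configured reassembly limit shows whether the buffer is filling with sets that will never complete.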