| This attack may accomplish all sorts of things, thus we do not (on this level) define any existential quantifiers. |
| •owl:Thing |
| •sec:Threat |
| •sec:ActiveAttack |
| •sec:BypassingIntendedControls |
| •sec:TinyFragmentAttack |
| sec:BypassingIntendedControls |
| sec:threatens ONLY ((sec:_Confidentiality OR sec:_Integrity OR sec:_Availability) AND sec:_Network) |
| sec:threatens SOME sec:_Network |
| dc:description | The attacker uses the IP fragmentation option to create extremely small fragments and force the TCP header information into a separate packet fragment. This attack is designed to circumvent filtering rules that depend on TCP header information. (Stallings 06) |
Class(sec:TinyFragmentAttack partial sec:BypassingIntendedControls
restriction(sec:threatens allValuesFrom(intersectionOf(unionOf(sec:_Confidentiality
sec:_Integrity
sec:_Availability)
sec:_Network)))
restriction(sec:threatens someValuesFrom(sec:_Network)))