Windows IP Fragment Reassembly

Windows IP Fragment Reassembly
Reported May 19 by
Bindview"s Razor Team

  • Windows 95, 98, NT, and 2000 - all versions


Sending large numbers of identical fragmented IP packets to a Windows 2000 or NT4 host may cause the target to stop responding for the duration of the attack due to 100% CPU utilization. According to Bindview, the DoS is caused by sending identical fragmented IP packets to a target at 150 packets per second, where the contents of the packet do not matter.


Microsoft has issued patches for the problem.

Windows NT 4.0 Workstation, Server and Server, Enterprise Edition:

Windows NT 4.0 Server, Terminal Server Edition:

Windows 2000 Professional, Server and Advanced Server:

Windows 95:

Windows 98:

Microsoft"s Knowledge Base article:

Discovered and reported by Bindview"s Razor Team

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.