<P> The underlying Data Link Layer almost always poses limits to the maximum frame size (See MTU). In Ethernet, this is typically 1500 bytes . In such a case, a large IP packet is split across multiple IP packets (also known as IP fragments), so that each IP fragment will match the imposed limit . The receiver of the IP fragments will reassemble them into the complete IP packet, and will continue processing it as usual . </P> <P> When fragmentation is performed, each IP fragment needs to carry information about which part of the original IP packet it contains . This information is kept in the Fragment Offset field, in the IP header . The field is 13 bits long, and contains the offset of the data in the current IP fragment, in the original IP packet . The offset is given in units of 8 bytes . This allows a maximum offset of 65,528 ((2 - 1) * 8). Then when adding 20 bytes of IP header, the maximum will be 65,548 bytes, which exceeds the maximum frame size . This means that an IP fragment with the maximum offset should have data no larger than 7 bytes, or else it would exceed the limit of the maximum packet length . A malicious user can send an IP fragment with the maximum offset and with much more data than 8 bytes (as large as the physical layer allows it to be). </P> <P> When the receiver assembles all IP fragments, it will end up with an IP packet which is larger than 65,535 bytes . This may possibly overflow memory buffers which the receiver allocated for the packet, and can cause various problems . </P> <P> As is evident from the description above, the problem has nothing to do with ICMP, which is used only as payload, big enough to exploit the problem . It is a problem in the reassembly process of IP fragments, which may contain any type of protocol (TCP, UDP, IGMP, etc .). </P>

When was the ping of death first observed