¨Use IP fragments on IDSs that cannot perform packet reassembly ¨Send a flood of fragments to saturate IDS prior to attacking targets