Which pair of fragmentation evasion techniques is commonly used against IDS/IPS?

Fragmentation evasion against IDS/IPS relies on how these systems reassemble IP fragments for inspection. Overlapping fragments create ambiguity in reassembly, letting the attacker influence which data ends up in the final payload the IDS inspects, so some content can slip past detection. Delayed fragments exploit timing by spreading data across fragments that arrive at different times, which can cause the IDS to reassemble differently or miss parts of the payload, reducing visibility. These two techniques are commonly used because they target the core behavior of fragment reassembly and timing in detectors. The other options aren’t fragmentation-based evasion: large DNS payloads aren’t about fragmentation evasion, and turning off fragment reassembly is a defensive configuration, not an attacker technique.