diff --git a/src/server.c b/src/server.c
index 341f1b62..576da899 100644
--- a/src/server.c
+++ b/src/server.c
@@ -74,6 +74,10 @@
 #define MAX_FRAG 1
 #endif
 
+#ifndef FRAG_TIMEOUT
+#define FRAG_TIMEOUT 0.5f
+#endif
+
 #ifdef USE_NFCONNTRACK_TOS
 
 #ifndef MARK_MAX_PACKET
@@ -707,6 +711,11 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
 
             // Only timer the watcher if a valid connection is established
             ev_timer_again(EV_A_ & server->recv_ctx->watcher);
+        } else if (server->stage == STAGE_INIT && server->frag > 0) {
+
+            // reset the timer for fragment request
+            ev_timer_set(&server->recv_ctx->watcher, MAX_REQUEST_TIMEOUT, MAX_REQUEST_TIMEOUT);
+            ev_timer_again(EV_A_ & server->recv_ctx->watcher);
         }
 
         ssize_t r = recv(server->fd, buf->data, SOCKET_BUF_SIZE, 0);
@@ -744,12 +753,16 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
             stop_server(EV_A_ server);
             return;
         } else if (err == CRYPTO_NEED_MORE) {
-            if (server->stage != STAGE_STREAM && server->frag > MAX_FRAG) {
-                report_addr(server->fd, "malicious fragmentation");
-                stop_server(EV_A_ server);
-                return;
+            if (server->stage != STAGE_STREAM) {
+                ev_timer_set(&server->recv_ctx->watcher, FRAG_TIMEOUT, FRAG_TIMEOUT);
+                ev_timer_again(EV_A_ & server->recv_ctx->watcher);
+                if (server->frag > MAX_FRAG) {
+                    report_addr(server->fd, "malicious fragmentation");
+                    stop_server(EV_A_ server);
+                    return;
+                }
+                server->frag++;
             }
-            server->frag++;
             return;
         }
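Review bot: The new `FRAG_TIMEOUT` default in the first hunk carries no comment saying what it bounds, although it is a tunable that directly decides how long an unauthenticated peer can hold a half-read request slot, and its only use is in the `CRYPTO_NEED_MORE` path two hunks further down. Suggest a comment above the `#ifndef`, e.g. `// seconds a connection still in the handshake stage may wait for the rest of a fragmented request before its timer fires (see CRYPTO_NEED_MORE in server_recv_cb)`. Minor: `0.5f` is a float literal; if the watcher's times are libev's `ev_tstamp` (a double) the plain `0.5` would match the type with no change in value.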
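Review bot: In the new `else if (server->stage == STAGE_INIT && server->frag > 0)` branch, `ev_timer_set` is used to re-arm a watcher that, judging from the `ev_timer_again` in the branch right above it, appears to be already active; libev documents `ev_TYPE_set` as not to be called on an active watcher, and `ev_timer_again` restarts with `repeat` and ignores `after` anyway. The documented idiom is `server->recv_ctx->watcher.repeat = MAX_REQUEST_TIMEOUT;` followed by the existing `ev_timer_again(EV_A_ & server->recv_ctx->watcher);`; the third hunk uses the same `ev_timer_set` pattern with `FRAG_TIMEOUT` and should change the same way. The intent is also worth stating, because the branch lengthens the deadline back to `MAX_REQUEST_TIMEOUT` before the `recv()` below has shown whether this read completes the header, and the `CRYPTO_NEED_MORE` path shortens it to `FRAG_TIMEOUT` again if it does not; a comment such as `// a fragment arrived: restore the normal request deadline, CRYPTO_NEED_MORE below shortens it back to FRAG_TIMEOUT if the header is still incomplete` would replace the current one-liner. `server_recv_cb` begins and ends outside this hunk.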