IP Fragment overlap
advICE :Intrusions : 2000009

Summary

Denial of Service attempt.

Details

Overlapping of IP fragments; this technique is used in a broad range of Denial of Service attacks. Your operating system may become unstable or crash.

Defense Fixes are available for most operating systems - consult your operating system vendor for more information, or look at the CERT and Microsoft Advisories on this subject. Note that just because somebody is sending these packets at your system doesn't mean it will crash. Newer systems are probably not vulnerable to this attack.

Spoofing

The source address is likely to be spoofed. This means that the sender of the frame is probably not using his actual source address, and is pretending to be someone else. Unfortunately, there is no easy way to determine who is actually sending spoofed frames.

parametric information expected The expected value of the fragment offset. offset The actual value of the fragment offset. length The length of the fragment.

 
Version appeared: