Preface: Too much IP fragmentationLogo -Internet Security Systems

Too much IP fragmentation
advICE :Intrusions : 2000011
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Denial of Service overload attempt.

Details

May indicate attempt to attack system, or may be simple spike in traffic. A large number of unprocessed fragments have been seen.

If you get this report frequently, and fragmentation often occurs on your network, you can adjust the amount of memory allocated for de-fragmentation by setting the ip.fragment.memory parameter.

 more information
BugtraqID: 690   Cisco PIX and CBAC Fragmentation Attack
 
CVE-1999-0157   Cisco PIX firewall and CBAC IP fragmentation DoS attack
 

 configuration for this item
ip.fragment.memory500000If the amount of memory used to handle fragmentation exceeds this number of bytes, an intrusion detection is triggered.

 
Version appeared:
Privacy Policy |  Copyright Info