Empty fragment
Summary
An empty IP fragment was seen.
Details
When Internet packets are too large, they can be fragmented into smaller packets. The sensor has detected a fragment that contains no data. An example might be a packet with an IP header that is 20 bytes long but with no data following it. This may indicate:
- An intruder is attempting to evade intrusion detection systems.
- Some network equipment (routers/switches) is faulty, generating such fragments.
- A bug exists in the TCP/IP stack of the machine that sent the packet.
- An intruder is attempting a DoS attack against your system.

Linux kernels between version 2.1.89 and 2.2.3 were vulnerable to a DoS attack using this technique. Each such fragment would introduce a small memory leak. Repeatedly sending such fragments would eventually cause the system to run out of memory. A script named sesquipedalian was written to exploit this bug.
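One way to express the check described above, as an added example (not the sensor's own code): an IPv4 packet is a fragment when the more-fragments flag is set or the fragment offset is non-zero, and it is empty when the header's total length equals its header length. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

IP_MF = 0x2000        # "more fragments" flag bit
IP_OFFMASK = 0x1FFF   # fragment offset, in 8-byte units

def classify_ipv4(packet: bytes) -> str:
    """Return 'empty-fragment', 'fragment', 'whole' or 'malformed'."""
    if len(packet) < 20:
        return "malformed"
    ver_ihl, _tos, total_len, _ident, flags_off = struct.unpack("!BBHHH", packet[:8])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4          # IHL counts 32-bit words
    if version != 4 or header_len < 20 or total_len < header_len or len(packet) < header_len:
        return "malformed"
    is_fragment = bool(flags_off & IP_MF) or (flags_off & IP_OFFMASK) != 0
    if not is_fragment:
        return "whole"
    # Use the declared total length, not len(packet): link-layer padding
    # (e.g. Ethernet minimum frame size) can follow an empty fragment.
    payload_len = total_len - header_len
    return "empty-fragment" if payload_len == 0 else "fragment"

def build_header(total_len: int, flags_off: int, ihl: int = 5) -> bytes:
    """Constructed IPv4 header for the samples (checksum left at 0, not verified here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0x1234,
                      flags_off, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + b"\x00" * (ihl * 4 - 20)      # zero-filled options if ihl > 5

# Constructed sample packets
SAMPLES = {
    "empty first fragment": build_header(20, IP_MF),
    "empty last fragment": build_header(20, 185),
    "empty, padded on wire": build_header(20, IP_MF) + b"\x00" * 26,
    "empty, with IP options": build_header(24, IP_MF, ihl=6),
    "normal fragment": build_header(28, IP_MF) + b"A" * 8,
    "unfragmented datagram": build_header(28, 0) + b"A" * 8,
    "truncated": b"\x45\x00",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} {classify_ipv4(pkt)}")
```
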
Version appeared: 2.1