Security Incidents mailing list archives
IPv4 fragmentation --> The Rose Attack
From: hs () holgerscherer de
Date: Wed, 14 Apr 2004 23:54:19 +0200
Question to the experts: my firewall (Netscreen 5GT) recognizes several IP fragment alerts a day, reading **SNIP** [00001] 2004-04-11 15:34:44 system-critical-00413: no tcp flag, From 212.YY.XXX.35/3580 to 213.221.XXX.YY/83, using protocol TCP (on zone V1-Untrust,interface untrust) occurred 1 times [00001] 2004-04-13 22:54:34 system-critical-00440: ip fragment, From 62.XXX.151.YY/33451 to 213.221.XXX.YY/23604, using protocol TCP (on zone V1-Untrust,interface untrust) occurred 1 times [00001] 2004-04-14 20:45:19 system-critical-00440: ip fragment, From XXX.152.YY.148/33712 to 213.221.XXX.YY/3658, using protocol TCP (on zone V1-Untrust,interface untrust) occurred 1 times **SNAP** etc... as the destination Ports dont seem to be interesting for any service i use, might there be a possibility for any worm or exploit in the wild? These alerts started ocurring about 3-4 weeks ago. -h --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- IPv4 fragmentation --> The Rose Attack hs (Apr 15)
- Re: IPv4 fragmentation --> The Rose Attack Valdis . Kletnieks (Apr 15)