
Author IP fragment attacks
sean34

2003-10-27, 3:56 pm

All,

I've got a PIX firewall with IDS enabled and I'm getting quite a few IP fragment attacks. Here's the output from show logging:

400007: IDS:1100 IP fragment attack from 66.193.x.x to 192.168.x.x on interface outside

My question is: how do you go about verifying this is an actual attack or just a false positive? This is WAN traffic and I'm not expecting it, so I'm saying it's an attack of some sort. I get hit from a few IPs and get hit multiple times.

If it is an attack, what next? Contact their ISP or just ignore my logs?

thanks,

Sean

Copyright 2003 - 2008 examnotes.net