OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
ISS/XForce Archives: RE: packet too large? Png Of Death?

RE: packet too large? Png Of Death?

Axel FALCK (afalckiss.net)
Tue, 16 Nov 1999 10:14:08 +0100

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Hi Drexx,

On way for your investigations.

RealSecure v3.0.2 doesn't exists. Verify the version number !!

The IP protocol Violation number 0 is affected at IPv6 Hop By Hop option
(RFC1883)

I hope this helps

Axel

-----Message d'origine-----
De: Drexx Laggui [SMTP:drexxpacific.net.sg]
Date: mercredi 3 novembre 1999 12:22
A: issforumiss.net
Objet: packet too large? Png Of Death?

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------

Hello world,

Why is the packet too large??? Is it a variation of the Ping Of Death ???

I have a FireWall-1 controlling access to VLANs across Cabletron switches.
The RealSecure v3.0.2 constantly alerts with a Ping Of Death attack, while
the FireWall-1 reports that the packets are too large, with an IP Protocol
number of zero.

It maybe coincidental fact, but the internal networks are of IP address
a.b.y.z,
yet the source/destination of the attacks reported are of y.z.a.b .
The weird thing is that I think that the Cabletron maybe mangling the
packets
or something, therefore creating a lot of false positives on the RealSecure.

Any idea what is really happening? Thanks in advance,

Drexx Laggui.

This archive was generated by hypermail 2.0b3 on Tue Nov 16 1999 - 20:52:44 CST