OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archives: packet too large and/or Ping Of Death ???

packet too large and/or Ping Of Death ???


Drexx Laggui (drexxpacific.net.sg)
Thu, 04 Nov 1999 11:19:40 +0800


I'm sorry for the re-send, my e-mail got screwed up, but I really value your
input...

Drexx.

==================================================
Nov. 3, 1999

Hello world,

I need your collective experience/brain power to shed some light on what's
filling up my FireWall-1 logs and alarming also RealSecure...

I have a FireWall-1 controlling access to internal VLANs across Cabletron
switches. The RealSecure v3.0.2 constantly alerts with a Ping Of Death attack,
while the FireWall-1 reports that the packets are too large, with an IP Protocol
number of zero.

It maybe coincidental fact, but the internal networks are of IP address a.b.y.z,
yet the source/destination of the attacks reported are of y.z.a.b .
The weird thing is that I think that the Cabletron maybe mangling the packets
or something, therefore creating a lot of false positives on the RealSecure.

Any idea what is really happening? Thanks in advance,

Drexx Laggui.



This archive was generated by hypermail 2.0b3 on Fri Nov 05 1999 - 01:21:37 CST