packet too large and/or Ping Of Death ???

Drexx Laggui (drexxpacific.net.sg)
Thu, 04 Nov 1999 11:19:40 +0800

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Phil Cox: "Different firewalls and Port usage"
• Previous message: Brad Van Orden: "Re: Reverse proxy ??"
• Next in thread: Robert Graham: "Re: packet too large and/or Ping Of Death ???"
• Reply: Robert Graham: "Re: packet too large and/or Ping Of Death ???"
• Reply: Mikael Olsson: "Re: packet too large and/or Ping Of Death ???"
• Reply: Mikael Olsson: "Re: packet too large and/or Ping Of Death ???"

I'm sorry for the re-send, my e-mail got screwed up, but I really value your
input...

Drexx.

==================================================
Nov. 3, 1999

Hello world,

I need your collective experience/brain power to shed some light on what's
filling up my FireWall-1 logs and alarming also RealSecure...

I have a FireWall-1 controlling access to internal VLANs across Cabletron
switches. The RealSecure v3.0.2 constantly alerts with a Ping Of Death attack,
while the FireWall-1 reports that the packets are too large, with an IP Protocol
number of zero.

It maybe coincidental fact, but the internal networks are of IP address a.b.y.z,
yet the source/destination of the attacks reported are of y.z.a.b .
The weird thing is that I think that the Cabletron maybe mangling the packets
or something, therefore creating a lot of false positives on the RealSecure.

Any idea what is really happening? Thanks in advance,

Drexx Laggui.

• Next message: Phil Cox: "Different firewalls and Port usage"
• Previous message: Brad Van Orden: "Re: Reverse proxy ??"
• Next in thread: Robert Graham: "Re: packet too large and/or Ping Of Death ???"
• Reply: Robert Graham: "Re: packet too large and/or Ping Of Death ???"
• Reply: Mikael Olsson: "Re: packet too large and/or Ping Of Death ???"
• Reply: Mikael Olsson: "Re: packet too large and/or Ping Of Death ???"

This archive was generated by hypermail 2.0b3 on Fri Nov 05 1999 - 01:21:37 CST