Suspect short first fragment
I just got a bunch of these in my firewall logs. The box routes real
ip's (no-masq). Does anyone recogize these types packets? Is it just a
fragmented portscan or something more dangerous? The x address is from
outside and the y is inside...
Feb 4 12:54:33 cone kernel: Suspect short first fragment.
Feb 4 12:54:33 cone kernel: eth1 PROTO=6 xx.xx.xx.xx:0 yy.yy.yy.yy:0
L=24 S=0x00
I=19033 F=0x2000 T=112 (#0)
Feb 4 12:54:33 cone kernel: Suspect short first fragment.
Feb 4 12:54:33 cone kernel: eth1 PROTO=6 xx.xx.xx.xx:0 yy.yy.yy.yy:0
L=24 S=0x00
I=19545 F=0x2000 T=112 (#0)
thanks
-mike
Reply to: