[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] TCP fragment

Subject: RE: [cobalt-users] TCP fragment
From: "Andy Brown" <andy.brown@xxxxxxxxxxxxx>
Date: Wed Feb 13 01:58:11 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

>   Any ideas of what the following message means?
> 
> Feb  8 00:19:35 ns kernel: Suspect TCP fragment.
> Feb  8 00:19:35 ns kernel: eth0 PROTO=6 67.8.24.34:0 
> 64.65.33.119:0 L=40 S=0x00 I=0 F=0x0001 T=237 (#0)
> 
>    Thanks for any help!
> 
Hi,

This is a possible attempted DOS attack on your machine, so you should
make sure your firewall is in place and doing its job.
In the kernel source there is a little blurb about it:
	  /*
         *      Don't allow a fragment of TCP 8 bytes in. Nobody
         *      normal causes this. Its a cracker trying to break
         *      in by doing a flag overwrite to pass the direction
         *      checks.
         */


Regards,
andy@xxxxxxxxxxxxxxxxxxxxx
http://ineedlinux.info/

Prev by Date: RE: [cobalt-users] Apache DNS lookups
Next by Date: Re: [cobalt-users] Apache DNS lookups
Previous by thread: RE: [cobalt-users] POP before SMTP? where?
Next by thread: [cobalt-users] [RaQ4] Ready to use OS update 2.0

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index