%IP_VFR-3-OVERLAP_FRAGMENTS

Unanswered Question
Apr 28th, 2008
User Badges:

%IP_VFR-3-OVERLAP_FRAGMENTS: FastEthernet0/0: from the host 124.82.57.85 destined to 58.185.208.69


Hi,


Recently, router is getting this kind of msg.

Interface fa0/0 is outside interface to internet connection.


Is there anyone can advise me regarding this problem?

Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (3 ratings)
Loading.
Goutam Sanyal Tue, 04/29/2008 - 00:10
User Badges:
  • Silver, 250 points or more

Hi, As per CISCO:


%IP_VFR-3-OVERLAP_FRAGMENTS: [chars]: from the host [IP_address] destined to [IP_address]

The router has encountered overlap fragments. "Overlap fragment" means that the offset of one fragment overlaps the offset of another fragment. For example, if the offset of the first fragment is 0 and its length is 800, the offset of the second fragments offset must be 800. If the offset of the second fragment is less than 800, the second fragment overlaps the first fragment. This condition might indicate a hostile attack.


Recommended Action: Configure a static ACL to prevent further overlap fragments from the sender.


If you post the configuration (obesely by changing the required security field) then I can help you more.


Thanks

Goutam

Pls rate if I am informative.


Surya Dathan Tue, 04/29/2008 - 00:59
User Badges:

Hi Dude,


I also saw this from Cisco. Thanks for your help anyway.

My doubt is whether someone is trying to attack my network, if i configure static ACL to block the source, does it work?


Thanks.

Goutam Sanyal Tue, 04/29/2008 - 01:07
User Badges:
  • Silver, 250 points or more

Hi, As per Cisco, it should work. Do you have any IDS/IPS in your network? Goutam

Nikos Nicolaides Sun, 07/24/2011 - 10:42
User Badges:

Hello,


We are facing the same problem in our network; only that the remote host is a branch firewall connected via IPsec VPN to our HQ. Is this something to worry about?

james.king14 Wed, 07/27/2016 - 10:55
User Badges:

Hello,


I show that this is an unanswered question.  Has anyone got some more information about this issue.  I am facing the same problem in our network; only that the remote host is a branch firewall connected via IPsec VPN to our HQ. Is this something to worry about

Kenneth Marchand Tue, 07/28/2015 - 09:25
User Badges:

Would you experiencing bouncing on the link to up/down or some type of latency? I am guessing yes since the link is playing catch up.

Actions

This Discussion