%IP_VFR-3-OVERLAP_FRAGMENTS

Unanswered Question
Apr 28th, 2008

%IP_VFR-3-OVERLAP_FRAGMENTS: FastEthernet0/0: from the host 124.82.57.85 destined to 58.185.208.69


Hi,


Recently, router is getting this kind of msg.

Interface fa0/0 is outside interface to internet connection.


Is there anyone can advise me regarding this problem?

Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (3 ratings)
Loading.
Goutam Sanyal Tue, 04/29/2008 - 00:10

Hi, As per CISCO:


%IP_VFR-3-OVERLAP_FRAGMENTS: [chars]: from the host [IP_address] destined to [IP_address]

The router has encountered overlap fragments. "Overlap fragment" means that the offset of one fragment overlaps the offset of another fragment. For example, if the offset of the first fragment is 0 and its length is 800, the offset of the second fragments offset must be 800. If the offset of the second fragment is less than 800, the second fragment overlaps the first fragment. This condition might indicate a hostile attack.


Recommended Action: Configure a static ACL to prevent further overlap fragments from the sender.


If you post the configuration (obesely by changing the required security field) then I can help you more.


Thanks

Goutam

Pls rate if I am informative.


Surya Dathan Tue, 04/29/2008 - 00:59

Hi Dude,


I also saw this from Cisco. Thanks for your help anyway.

My doubt is whether someone is trying to attack my network, if i configure static ACL to block the source, does it work?


Thanks.

Goutam Sanyal Tue, 04/29/2008 - 01:07

Hi, As per Cisco, it should work. Do you have any IDS/IPS in your network? Goutam

Nikos Nicolaides Sun, 07/24/2011 - 10:42

Hello,


We are facing the same problem in our network; only that the remote host is a branch firewall connected via IPsec VPN to our HQ. Is this something to worry about?

james.king14 Wed, 07/27/2016 - 10:55

Hello,


I show that this is an unanswered question.  Has anyone got some more information about this issue.  I am facing the same problem in our network; only that the remote host is a branch firewall connected via IPsec VPN to our HQ. Is this something to worry about

Kenneth Marchand Tue, 07/28/2015 - 09:25

Would you experiencing bouncing on the link to up/down or some type of latency? I am guessing yes since the link is playing catch up.

Actions

This Discussion