cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19476
Views
12
Helpful
6
Replies

%IP_VFR-3-OVERLAP_FRAGMENTS

Subash Sharma
Level 1
Level 1

%IP_VFR-3-OVERLAP_FRAGMENTS: FastEthernet0/0: from the host 124.82.57.85 destined to 58.185.208.69

Hi,

Recently, router is getting this kind of msg.

Interface fa0/0 is outside interface to internet connection.

Is there anyone can advise me regarding this problem?

Thanks.

6 Replies 6

Goutam Sanyal
Level 4
Level 4

Hi, As per CISCO:

%IP_VFR-3-OVERLAP_FRAGMENTS: [chars]: from the host [IP_address] destined to [IP_address]

The router has encountered overlap fragments. "Overlap fragment" means that the offset of one fragment overlaps the offset of another fragment. For example, if the offset of the first fragment is 0 and its length is 800, the offset of the second fragments offset must be 800. If the offset of the second fragment is less than 800, the second fragment overlaps the first fragment. This condition might indicate a hostile attack.

Recommended Action: Configure a static ACL to prevent further overlap fragments from the sender.

If you post the configuration (obesely by changing the required security field) then I can help you more.

Thanks

Goutam

Pls rate if I am informative.

Hi Dude,

I also saw this from Cisco. Thanks for your help anyway.

My doubt is whether someone is trying to attack my network, if i configure static ACL to block the source, does it work?

Thanks.

Hi, As per Cisco, it should work. Do you have any IDS/IPS in your network? Goutam

Hello,

We are facing the same problem in our network; only that the remote host is a branch firewall connected via IPsec VPN to our HQ. Is this something to worry about?

TIA, Nicos Nicolaides

Hello,

I show that this is an unanswered question.  Has anyone got some more information about this issue.  I am facing the same problem in our network; only that the remote host is a branch firewall connected via IPsec VPN to our HQ. Is this something to worry about

Would you experiencing bouncing on the link to up/down or some type of latency? I am guessing yes since the link is playing catch up.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: