Cisco Support Community
Reg. teardrop error in ASA

Hi

I am getting this error in ASA Firewall

106020: Deny IP teardrop fragment (size = 40, offset = 0)from 192.168.2.112 to 172.16.100.5

Can somebody please help me out in this regard?

2 REPLIES

Re: Reg. teardrop error in ASA

It is a log and mostly ignored.

Unless you have a problem with the IP address shown above.

Cisco explains:

Explanation: The security appliance discarded an IP packet with a teardrop signature containing either a small offset or fragment overlapping. This is a hostile event that circumvents the security appliance or an Intrusion Detection System.

Recommended Action: Contact the remote peer administrator or escalate this issue according to your security policy.

Re: Reg. teardrop error in ASA

A teardrop attack is where the packets that are sent to the network are fragmented with overlapping values. When the packet is reassembled, the system can become unstable because the packets overlap.

Not knowing the way that your network is laid out, you can block this IP if you're seeing a lot of it. It possibly could be a bad NIC, IP stack, virus, malware, or an actual attack. You'd have to track that system down to determine what's going on with it.

HTH,

John

*please rate if helpful*
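
Whether to ignore the message or track the host down depends on how often a source triggers it. The following is an added example, not part of the thread or of Cisco's documentation: a Python triage script that groups 106020 events by source address. The threshold of 3 and every sample line except the first (the one posted above) are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the message with or without the "%ASA-2-" prefix and tolerates the
# missing space before "from" seen in the line posted in this thread.
PATTERN = re.compile(
    r"106020: Deny IP teardrop fragment \(size = (?P<size>\d+), "
    r"offset = (?P<offset>\d+)\)\s*from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample: line 1 is the one from the thread, the rest are invented.
SAMPLE_LOG = """\
106020: Deny IP teardrop fragment (size = 40, offset = 0)from 192.168.2.112 to 172.16.100.5
%ASA-2-106020: Deny IP teardrop fragment (size = 40, offset = 0) from 192.168.2.112 to 172.16.100.5
%ASA-2-106020: Deny IP teardrop fragment (size = 40, offset = 0) from 192.168.2.112 to 172.16.100.9
%ASA-2-106020: Deny IP teardrop fragment (size = 28, offset = 8) from 192.168.2.77 to 172.16.100.5
an unrelated syslog line that the parser skips
"""

def summarize(log_text):
    """Group 106020 events by source: hit count, destinations, (size, offset) pairs."""
    stats = defaultdict(lambda: {"count": 0, "dsts": set(), "shapes": set()})
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue
        entry = stats[m["src"]]
        entry["count"] += 1
        entry["dsts"].add(m["dst"])
        entry["shapes"].add((int(m["size"]), int(m["offset"])))
    return dict(stats)

def repeat_sources(stats, threshold=3):
    """Sources at or above the assumed threshold, busiest first."""
    hits = [(src, s["count"]) for src, s in stats.items() if s["count"] >= threshold]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src, s in stats.items():
        print(src, s["count"], sorted(s["dsts"]), sorted(s["shapes"]))
    print("track down:", repeat_sources(stats))
```

A source that repeats the same (size, offset) pair toward one destination suggests a single misbehaving application or driver on that host; varied pairs across many destinations deserve a closer look.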
