Cisco Support Community
New Member

FragGuard and Virtual Re-assembly

Hi folk,

Any idea what the subject above on PIX 5.1 does?

Apparently I'm receiving a huge number of error messages pertaining to it:

fh_insertb: too many fragments(12) in set

If it's a security attack, how can I stop it?

3 REPLIES
Bronze

Re: FragGuard and Virtual Re-assembly

Which exact version of PIX are you running (5.1(x))? There was a bug in early 5.1 code you might be running into. If you’re on 5.1(4) and you are still getting a lot of frags, the PIX is doing its job by blocking them. If you need to know about them, put a sniffer/analyzer on that wire and look at the fragments to learn what’s going on.

New Member

Re: FragGuard and Virtual Re-assembly

Hi,

I am getting this same error, but only when I transmit packets from a UNIX environment to an NY environment. I am running 5.1(4). Any help would be appreciated.

New Member

Re: FragGuard and Virtual Re-assembly

Some Unix systems (e.g. Linux) transmit IP fragments in reverse order. Fragmented Linux packets will not pass through the PIX with sysopt security fragguard enabled.
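
Added example, not part of the thread and not Cisco code: a way to triage a capture taken as the first reply suggests, grouping IPv4 fragments into sets and reporting each set's size and arrival order, which is what separates the reverse-order senders described above from sets with an unusually large fragment count. The alert threshold of 12 is an assumption read from the log message, and the headers and addresses are constructed sample data.

```python
import socket
import struct
from collections import defaultdict

IPV4_HDR = "!BBHHHBBH4s4s"
FRAG_ALERT = 12  # assumption: taken from "(12)" in the fh_insertb message


def make_header(src, dst, ident, offset_bytes, more):
    """Constructed 20-byte IPv4/UDP header (checksum left at 0) for sample data."""
    flags_off = (0x2000 if more else 0) | (offset_bytes // 8)
    return struct.pack(IPV4_HDR, 0x45, 0, 28, ident, flags_off, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def sample_capture():
    """Constructed capture: one reverse-order set, one 13-fragment set, one whole packet."""
    a, b = "192.0.2.10", "192.0.2.20"
    pkts = [make_header(a, b, 0x1111, off, more)
            for off, more in ((2960, False), (1480, True), (0, True))]
    pkts += [make_header(b, a, 0x2222, i * 8, i < 12) for i in range(13)]
    pkts.append(make_header(a, b, 0x3333, 0, False))  # not fragmented
    return pkts


def summarize(headers):
    """Group fragments by (src, dst, proto, id) and describe each set."""
    sets = defaultdict(list)
    for h in headers:
        f = struct.unpack(IPV4_HDR, h[:20])
        ident, flags_off, proto, src, dst = f[3], f[4], f[6], f[8], f[9]
        more = bool(flags_off & 0x2000)          # MF flag
        offset = (flags_off & 0x1FFF) * 8        # offset is in 8-byte units
        if not more and offset == 0:
            continue                             # unfragmented datagram
        key = (socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, ident)
        sets[key].append(offset)                 # list keeps arrival order
    return {key: {"count": len(offs),
                  "flagged": len(offs) >= FRAG_ALERT,
                  "in_order": offs == sorted(offs),
                  "first_offset": offs[0]}
            for key, offs in sets.items()}


if __name__ == "__main__":
    for key, info in summarize(sample_capture()).items():
        print(key, info)
```

A set with a small count and `in_order` false matches the reverse-order behaviour the last reply describes, while a flagged set warrants a closer look at the sender.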
