
FragGuard and Virtual Re-assembly

robin
Level 1

Hi folk,

Any idea what the subject above on PIX 5.1 does?

Apparently I'm receiving a huge number of error messages pertaining to it:

fh_insertb: too many fragments(12) in set

If it's a security attack, how can I stop it?

3 Replies 3

b.speltz
Level 4

Which exact version of PIX are you running (5.1(x))? There was a bug in early 5.1 code you might be running into. If you’re on 5.1(4) and you are still getting a lot of frags, the PIX is doing its job by blocking them. If you need to know about them, put a sniffer/analyzer on that wire and look at the fragments to learn what’s going on.

Hi,

I am getting this same error, but only when I transmit packets from a UNIX environment to an NY environment. I am running 5.1(4). Any help would be appreciated.

Some Unix (Linux e.g.) transmit IP fragments in reverse order. Fragmented Linux packets will not pass through the PIX with sysopt security fragguard enabled.
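
As an added example (not part of any post in this thread and not Cisco code), here is one way to summarise fragment sets from captured IPv4 headers, as suggested by the "put a sniffer on that wire" advice: it counts fragments per set and reports whether they arrived in forward or reverse offset order. The limit of 12 is an assumption read off the log line above, and the addresses, IDs and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

FRAG_LIMIT = 12  # assumption: read off the "(12)" in the log line quoted above
IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ip_header(src, dst, ident, offset, more, proto=17, payload_len=8):
    """Build a constructed IPv4 header for the sample data (checksum left 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, ident, flags_off,
                       64, proto, 0, bytes(src), bytes(dst))

def summarize_fragments(headers, limit=FRAG_LIMIT):
    """Group fragments by (src, dst, proto, id); report count and arrival order."""
    sets = defaultdict(list)
    for h in headers:
        if len(h) < 20 or h[0] >> 4 != 4:
            continue  # truncated or not IPv4
        f = struct.unpack(IP_FMT, h[:20])
        more, offset = bool(f[4] & 0x2000), (f[4] & 0x1FFF) * 8
        if not more and offset == 0:
            continue  # whole datagram, not a fragment
        addr = lambda b: ".".join(map(str, b))
        sets[(addr(f[8]), addr(f[9]), f[6], f[3])].append(offset)
    report = {}
    for key, offs in sets.items():
        if offs == sorted(offs):
            order = "forward"
        elif offs == sorted(offs, reverse=True):
            order = "reverse"
        else:
            order = "mixed"
        report[key] = {"count": len(offs), "order": order,
                       "over_limit": len(offs) > limit}
    return report

# Constructed sample capture (addresses and IDs are made up for illustration).
A, B = (10, 0, 0, 5), (10, 0, 1, 9)
SAMPLE = [ip_header(A, B, 0x1001, off, more)            # last fragment sent first
          for off, more in [(2960, False), (1480, True), (0, True)]]
SAMPLE += [ip_header(A, B, 0x2002, 8 * i, i < 13) for i in range(14)]  # 14 tiny frags
SAMPLE.append(ip_header(A, B, 0x3003, 0, False))        # unfragmented, ignored

if __name__ == "__main__":
    for key, info in summarize_fragments(SAMPLE).items():
        print(key, info)
```

A set reported as "reverse" with a small count matches the benign Linux behaviour described in the last reply, while a set flagged `over_limit` is the kind worth inspecting further.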
