
IDS Signature: 1100

Hi,

Will the PIX IDS Signature "1100" also be able to detect fragmented GRE or ESP traffic?

++++++++++++++++++++++

1100 IP Fragment Attack (Attack, Atomic)

Triggers when any IP datagram is received with the "more fragments" flag set to 1 or if there is an offset indicated in the offset field.

++++++++++++++++++++++

I had fragmented GRE traffic being denied when using the command "fragment chain 1 outside", but at the same time, the above signature was not triggered for this traffic.

I also have "sysopt permit-ipsec" defined. Are the IDS signatures not applied to sysopt permitted traffic?

Regards,

Naman
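
The trigger condition quoted in the post, written as a check on the raw IPv4 header (an added example, not part of the original post and not Cisco's implementation). The sample headers and helper names are constructed; the code only shows that the quoted condition reads the flags/offset word rather than the protocol field, and says nothing about which traffic a PIX actually passes to its IDS engine.

```python
import struct

DF_FLAG = 0x4000       # "don't fragment" bit
MF_FLAG = 0x2000       # "more fragments" bit
OFFSET_MASK = 0x1FFF   # 13-bit fragment offset, counted in 8-byte units
PROTO_NAMES = {47: "GRE", 50: "ESP"}

def parse_fragment_fields(header: bytes) -> dict:
    """Pull the fragmentation-related fields out of a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, ident, flags_off, _ttl, proto = struct.unpack(
        "!BBHHHBB", header[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "id": ident,
        "protocol": proto,
        "more_fragments": bool(flags_off & MF_FLAG),
        "offset_bytes": (flags_off & OFFSET_MASK) * 8,
    }

def matches_fragment_condition(header: bytes) -> bool:
    """True if MF is set or the fragment offset is non-zero (the quoted rule)."""
    fields = parse_fragment_fields(header)
    return fields["more_fragments"] or fields["offset_bytes"] > 0

def build_header(proto, mf=False, df=False, offset_units=0, ident=0x1234):
    """Constructed sample header; checksum is left at 0 and never inspected."""
    flags_off = ((MF_FLAG if mf else 0) | (DF_FLAG if df else 0)
                 | (offset_units & OFFSET_MASK))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, ident, flags_off, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

# Constructed samples: a GRE datagram split in two, plus unfragmented ESP.
SAMPLES = [
    ("GRE first fragment", build_header(47, mf=True)),
    ("GRE last fragment", build_header(47, offset_units=185)),
    ("ESP unfragmented", build_header(50)),
    ("ESP unfragmented, DF set", build_header(50, df=True)),
]

if __name__ == "__main__":
    for label, hdr in SAMPLES:
        f = parse_fragment_fields(hdr)
        print(f"{label:26} proto={PROTO_NAMES[f['protocol']]} "
              f"MF={f['more_fragments']} offset={f['offset_bytes']} "
              f"match={matches_fragment_condition(hdr)}")
```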
