Denial of Service "IP Fragmentation Overlap" attack detected.
Created: 20 Jan 2012 | 1 comment
OK, so at 1:50 today a lot of machines in our company got kicked off the network. All of our IP phones rebooted. Then an even weirder thing occurred: all versions of Outlook 2010 now have the box checked under delay delivery till 1/20/2012 at 5pm. I am not sure if this happened when the network went crazy. I looked on one of my servers and found this in the log.
6 1/20/2012 1:49:12 PM Denial of Service Major Incoming UDP 192.168.1.2 00-1E-C9-34-35-91 228.1.2.4 01-00-5E-01-02-04 user CIC Default 1 1/20/2012 1:49:00 PM 1/20/2012 1:49:00 PM Denial of Service "IP Fragmentation Overlap" attack detected.
Now the incoming UDP of 192.168.1.2 is the IP of the server I took this from in the SEP log. I am not sure what 228.1.2.4 is either. What should my next step be to ensure I am not DOSing my whole LAN again? Thanks.
Comments
Try this out.
http://www.symantec.com/business/support/index?page=content&id=TECH91729&actp=search&viewlocale=en_US&searchid=1327134996114
Exclude the SID from Logging and Blocking
Regards,
Ajit Jha
Technical Consultant
STS