This sounds like a DOS attack. By sending you many fragmented packets the attacker could consume a lot of the memory on your machine. You could counter this by blocking all IP fragments on your firewall, but that would also prevent legitimate activities. The attacker is most likly spoofing the IP addresses which you are seeing, so if it is a DOS, tracking it down will be difficult. -- Jamie Gamble > Note More Fragments and Don't fragment are both set to 1?? > > The packets arrive in pairs, both to the same destination address. > > Some sources send packets to just one destination others send them > to many. > > When I look in the argus logs I see a single RST packet and argus does > not report that it was fragmented. > > Any idea what is going on? > > Russell Fulton, Computer and Network Security Officer > The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 10:04:13 PDT