Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Fragmented Packet

from [Wozny, Scott (US - New York)] Network Security [Permanent Link]
Subject: RE: Fragmented Packet
Date: Thu, 18 Nov 2004 11:50:06 -0500 
It's telling you that it found a fragmented UDP packet and dropped it.
UDP, in general, is used for connectionless delivery of smaller pieces
of information of limited criticality.  Beyond that you'd need to look
at the packet with a protocol analyzer (or at least use a tool that
provides a little more data than this log) to get more information.  It
really could be one of about 1.2 million different things.  If you're
new and really want to learn I recommend a very through understanding of
the TCP/IP protocol suite to start with.  Without it, it's nearly
impossible to really understand what's passing across the wire in front
of you and whether it's good, bad or indifferent.  
 
I recommend newbies start here and do further research based upon what
questions arise from this info:
 
http://www.networksorcery.com/enp/default0604.htm  (Click on the "IP
Protocol Suite" link and start reading and following links; it's all
interconnected so if you're a linear learner, you might want to do
yourself a favour and go out and buy a textbook on IP instead)
 
Good luck,
 
Scott
-----Original Message-----
From: Joe Grinnell [mailto:joe.grinnell@axisci.com] 
Sent: Tuesday, November 16, 2004 2:59 PM
To: firewalls@securityfocus.com
Subject: Fragmented Packet



        Hi,  I'm pretty new to firewalls and have just installed a
SonicWALL Pro230 with all the default settings.  Anyway, I'm starting to
see a lot of activity to a few different PC's in my DMZ from the below
source.  Anyone know what the heck is going on here?  Any help would be
very much appreciated.

        11/16/2004 03:05:46.816 - Fragmented Packet Dropped - Source:
83.102.166.24, 17, WAN - Destination: XXX.XXX.XXX.XXX, DMZ - Protocol:
17 -

        11/16/2004 03:08:46.816 - Fragmented Packet Dropped - Source:
83.102.166.53, 17, WAN - Destination: XXX.XXX.XXX.XXX, DMZ - Protocol:
17 -

        11/16/2004 03:16:46.816 - Fragmented Packet Dropped - Source:
83.102.166.84, 17, WAN - Destination: XXX.XXX.XXX.XXX, DMZ - Protocol:
17 -

        11/16/2004 03:23:46.816 - Fragmented Packet Dropped - Source:
83.102.166.204, 17, WAN - Destination: XXX.XXX.XXX.XXX, DMZ - Protocol:
17 -

        Thanks in advance.  I really need to get my learn on.

        Joe Grinnell
        network security wannabe



This message (including any attachments) contains confidential information 
intended for a specific individual and purpose, and is protected by law.  If 
you are not the intended recipient, you should delete this message.  Any 
disclosure, copying, or distribution of this message, or the taking of any 
action based on it, is strictly prohibited.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Pix Alias command help needed., Chad Thomsen
Next by Date:  FW-1 VPN's for SecuRemote and site to site connections, West, Matthew J
Previous by Thread:  RE: Fragmented Packet, Shane Mahon
Next by Thread:  RE: Fragmented Packet, Jason Ha
Indexes:  [Date] [Thread] [Top] [All Lists]