https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052587#M54535 <HTML><HEAD></HEAD><BODY><P> Dear wsulym,</P><P></P><P>Thanks for your feedback. Actually the windows that using is windows XP as well and they are detected alert 1203/0.</P><P>This is why i was finding patch for the windows XP. Is there any other solution for this problem?</P></BODY></HTML> Fri, 19 Oct 2012 02:51:17 GMT vijendran.packiam 2012-10-19T02:51:17Z https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052585#M54530 <P>I was unable to find the patches for the alert 1203/0 IP Fragment Overwrite.</P><P>When i go to the site "Microsoft IP Fragment Reassembly Patches".</P><P>I was unable to find patch for the Windows XP. If i go to the Windows NT4.0 Workstation i found out that the page cannot be found as well.</P><P>I need patch for Windows XP fof alert 1203/0 IP fragment Overwrite.Kindly assist on this please anyone.</P> Sun, 10 Mar 2019 12:48:06 GMT https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052585#M54530 vijendran.packiam 2019-03-10T12:48:06Z https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052586#M54533 <HTML><HEAD></HEAD><BODY><P>You don't see a windows XP patch because the vulnerability pre-dates XP's ship. If memory serves me correct (and a quick search showed nothing to the contrary), XP was not affected.</P></BODY></HTML> Tue, 16 Oct 2012 17:26:40 GMT https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052586#M54533 wsulym 2012-10-16T17:26:40Z https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052587#M54535 <HTML><HEAD></HEAD><BODY><P> Dear wsulym,</P><P></P><P>Thanks for your feedback. Actually the windows that using is windows XP as well and they are detected alert 1203/0.</P><P>This is why i was finding patch for the windows XP. Is there any other solution for this problem?</P></BODY></HTML> Fri, 19 Oct 2012 02:51:17 GMT https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052587#M54535 vijendran.packiam 2012-10-19T02:51:17Z https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052588#M54539 <HTML><HEAD></HEAD><BODY><P>Perhaps I don;t understand what you are asking.</P><P></P><P>Are you seeing alerts generated with a destination address of a Windows XP workstation?</P></BODY></HTML> Fri, 19 Oct 2012 14:00:41 GMT https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052588#M54539 wsulym 2012-10-19T14:00:41Z https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052589#M54542 <HTML><HEAD></HEAD><BODY><P>Dear wsulym,</P><P></P><P>Actually source and destination is Windows XP workstation. Thats why i was wondering how come 1203/0 alert is detected in WIndows XP workstation and when i find the patch for this alert it show page requested cannot found.</P><P></P><P>Kindly advice please.Thanks...</P></BODY></HTML> Mon, 22 Oct 2012 08:39:20 GMT https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052589#M54542 vijendran.packiam 2012-10-22T08:39:20Z https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052590#M54544 <HTML><HEAD></HEAD><BODY><P>The signature fires because traffic matching what it detects is seen.</P><P></P><P>The vulnerability was disclosed prior to winXP releasing, winXP is not vulnerable to this.</P><P></P><P>Why 2 winXP endpoints are sending traffic that triggers the signature - don't know - we'd have to look at the traffic that is being passed and match that to the alert that's firing. If you feel that this there is a false positive, I ask that you capture traffic and provide the alert that fires during that capture and either open a TAC case, or submit it here:</P><P><A class="jive-link-external-small" href="http://tools.cisco.com/security/center/ipshome.x?i=12&amp;shortna=ContactUS#ContactUS">http://tools.cisco.com/security/center/ipshome.x?i=12&amp;shortna=ContactUS#ContactUS</A></P></BODY></HTML> Mon, 22 Oct 2012 15:07:17 GMT https://community.cisco.com/t5/network-security/patch-for-alert-1203-0-ip-fragment-overwrite/m-p/2052590#M54544 wsulym 2012-10-22T15:07:17Z