11-08-2006 12:54 PM - edited 03-10-2019 03:18 AM
We just configured a brand new router. The IDS portion of the router keeps firing on "Impossible ip packet". The source and destination addresses of the alert are the router's external IP address. Any ideas what might be causing this?
11-09-2006 10:34 AM
Grab a copy of the packet and post it. That should help identify.
11-09-2006 11:25 AM
I've seen this consistently when configuring GRE/IP tunnels. I ended up disabling the IPS signature.
11-14-2006 05:58 AM
If the IDS is presented with a packet with the same IP address as both source and destination, that will trigger the "impossible IP Packet" alarm. The signature was originally written to flag packets that should not be seen on a network, including things like source IP is a broadcast address... Normally a same IP source/dest packet would be processed on a host system's internal network loop and never be sent over the wire unless the host was misconfigured (we have seen misconfigured Linux hosts do this). With the embedding of IDS/IPS into network routing gear, it might be (apparently is) possible to have this happen in a legitimate configuration. Our suggestion would be to verify that your router config is correct and working the way you want it and if so, to either disable the signature or exclude the router's address from the alarm channel.
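The two conditions named in the reply above (source equals destination, source is a broadcast address) and the suggested exclusion of the router's own address, as an added Python sketch that is not part of the thread and not the IDS's own signature logic. The function names, the `excluded` parameter and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
import struct

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def parse_ipv4_header(raw: bytes):
    """Return (src, dst, protocol) from a raw IPv4 header, or raise ValueError."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    if raw[0] >> 4 != 4 or (raw[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack("!4s4s", raw[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), raw[9]

def classify(raw: bytes, excluded=frozenset()):
    """Return a reason string if the packet is 'impossible', else None.

    excluded (hypothetical parameter): addresses filtered out of the
    same-source/destination alarm, e.g. the router's own external address.
    """
    src, dst, proto = parse_ipv4_header(raw)
    if src == LIMITED_BROADCAST:
        return f"source is broadcast (proto {proto})"
    if src == dst and src not in excluded:
        return f"source equals destination {src} (proto {proto})"
    return None

def build_header(src: str, dst: str, proto: int) -> bytes:
    """Build a minimal 20-byte IPv4 header (checksum left zero) as test input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

ROUTER = ipaddress.IPv4Address("192.0.2.1")  # constructed documentation address
SAMPLES = [  # constructed sample headers, not captured traffic
    build_header("192.0.2.1", "192.0.2.1", 47),        # GRE (IP protocol 47), router to itself
    build_header("255.255.255.255", "192.0.2.9", 17),  # broadcast used as source
    build_header("198.51.100.7", "192.0.2.1", 6),      # ordinary TCP packet
]

def run(excluded=frozenset()):
    """Classify every sample; returns one result per packet."""
    return [classify(p, excluded) for p in SAMPLES]

if __name__ == "__main__":
    print(run())          # signature enabled, no exclusions
    print(run({ROUTER}))  # router's address excluded from the alarm
```

With the router's address excluded, the same-address GRE sample no longer alarms while the broadcast-source packet still does, which is the narrower of the two options the reply suggests.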