
IP Fragment Incomplete Datagram attack in IPS

Dear Support,

We are seeing an "IP Fragment Incomplete Datagram" attack from 10.132.1.17 to 10.132.1.18 and vice versa. These servers are running Windows 2003, but the IPS shows an IP Fragment Incomplete Datagram attack from the above source to the destination on multiple non-standard destination ports.

What is the "IP Fragment Incomplete Datagram" attack, and why is this happening? Does anything need to be done about this?

Regards

papdheen M


Dustin Ralich
Cisco Employee

You can review signature details by searching Cisco's Security Intelligence Operations site.

A quick search for "IP Fragment Incomplete Datagram" reveals SIG 1208.0:

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=1208&signatureSubId=0&softwareVersion=6.0&releaseVersion=S212

Details include a description of what the signature is inspecting for and known benign triggers (false positives).
