Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2449
Views
5
Helpful
2
Replies

Reg. teardrop error in ASA

ankurs2008
Level 1
Level 1

‎12-31-2008 12:03 AM - edited ‎03-11-2019 07:31 AM

Hi

I am getting this error in ASA Firewall

106020: Deny IP teardrop fragment (size = 40, offset = 0)from 192.168.2.112 to 172.16.100.5.Can somebody please help me out in this regard

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Pravin Phadte
Level 5
Level 5

‎12-31-2008 02:59 AM

It is a log and most ignored.

Unless you have the problem with the ip address shown above.

Cisco expains:

Explanation The security appliance discarded an IP packet with a teardrop signature containing either a small offset or fragment overlapping. This is a hostile event that circumvents the security appliance or an Intrusion Detection System.

Recommended Action Contact the remote peer administrator or escalate this issue according to your security policy.

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to Pravin Phadte

‎12-31-2008 09:00 AM

A teardrop attack is where the packets that are sent to the network are fragmented with overlapping values. When the packet is reassembled, the system can become unstable because the packets overlap.

Not knowing the way that your network is laid out, you can block this IP if you're seeing a lot of it. It possibly could be a bad nic, ip stack, virus, malware, or an actual attack. You'd have to track that system down to determine what's going on with it.

HTH,

John

*please rate if helpful*

HTH, John *** Please rate all useful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card