I just got a bunch of these in my firewall logs. The box routes real ip's (no-masq). Does anyone recogize these types packets? Is it just a fragmented portscan or something more dangerous? The x address is from outside and the y is inside...
Feb 4 12:54:33 cone kernel: Suspect short first fragment. Feb 4 12:54:33 cone kernel: eth1 PROTO=6 xx.xx.xx.xx:0 yy.yy.yy.yy:0 L=24 S=0x00 I=19033 F=0x2000 T=112 (#0) Feb 4 12:54:33 cone kernel: Suspect short first fragment. Feb 4 12:54:33 cone kernel: eth1 PROTO=6 xx.xx.xx.xx:0 yy.yy.yy.yy:0 L=24 S=0x00 I=19545 F=0x2000 T=112 (#0) thanks -mike
