[Dshield] Malformed Ip packet

Todd, Noel ntodd at acehardware.com
Fri Jan 16 17:44:56 GMT 2004


I see the same thing in my sonicwall log however the source and destination ip's are always 0.0.0.0

I think I finally figured it out. It seems to be an attack on older versions of apache web server. A large POST on a apache web page that allows 276 of some characters has been crashing my sonicwall. I just compiled a new version of apache. I will change the POST form tonight and put the site back up to see the results. It seems to take the sonicwall cpu to 100% usage or a buffer overflow that locks up the wan port. Sonicwall has been of little help.

Hope this helps. 




More information about the list mailing list