Juniper SSG320M Teardrop Attack
Posted on 2014-01-13
We currently have a Juniper SSG320M at our colo and a SSG140 at our home office, we are running over an IPSEC VPN from our home office to our colo. I am getting Teardrop attack alerts every hour or so at our colo, the interesting thing is its reporting the attack coming from our home office IP. I already have Teardrop protection turned on at both locations for the Trust and Untrust interfaces. I am just having trouble figuring out why these attacks are occurring and where they are generated from. Any help in this matter would be great.
Teardrop attack! From 67.xxx.xxx.xxx to 63.xxx.xxx.xxx, proto 50 (zone Untrust, int ethernet0/2). Occurred 1 times.