Bad TCP hdr length

In almost every report we can find 2-3 messages in the “Warnings and notifications” section of the FireGen report about “Bad TCP hdr length” from an external IP address against the firewall interface (Pix code 5-500003). This means that the length of the TCP header sent by the host mentioned in the message is not valid. For example, the remote host may indicate that the TCP header is larger than the entire TCP packet and obviously that is not possible. According to Cisco this may happen from time to time but it should be infrequent. Two or three messages out of a few million qualifies as infrequent!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: