Bad TCP hdr length

September 12, 2008

In almost every report we find 2-3 messages in the “Warnings and notifications” section of the FireGen report about “Bad TCP hdr length” from an external IP address against the firewall interface (PIX code 5-500003). This means that the TCP header length sent by the host named in the message is not valid. For example, the remote host may indicate that the TCP header is larger than the entire TCP packet, which is obviously not possible. According to Cisco, this may happen from time to time, but it should be infrequent. Two or three messages out of a few million qualify as infrequent!
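The header-length check described above, written out as an added example (this is not FireGen or Cisco code). It reads the Data Offset field of a raw TCP segment and flags values that are below the 20-byte minimum or larger than the segment itself; the function names, ports and sample segments are constructed for illustration.

```python
import struct

TCP_MIN_HEADER = 20  # fixed TCP header without options, in bytes


def tcp_header_length(segment: bytes) -> int:
    """Return the header length in bytes claimed by the Data Offset field."""
    if len(segment) < TCP_MIN_HEADER:
        raise ValueError("segment shorter than the fixed 20-byte TCP header")
    # Byte 12: the upper 4 bits hold Data Offset, counted in 32-bit words.
    return (segment[12] >> 4) * 4


def check_tcp_header(segment: bytes) -> str:
    """Return 'ok', or the reason the claimed header length cannot be valid."""
    if len(segment) < TCP_MIN_HEADER:
        return "truncated"
    hdrlen = tcp_header_length(segment)
    if hdrlen < TCP_MIN_HEADER:
        return "hdrlen below minimum"
    if hdrlen > len(segment):
        return "hdrlen exceeds packet"
    return "ok"


def build_segment(data_offset_words: int, options: bytes = b"",
                  payload: bytes = b"") -> bytes:
    """Constructed sample input: a TCP segment with a chosen Data Offset."""
    fixed = struct.pack(
        "!HHIIBBHHH",
        40000, 443,                      # source and destination port (constructed)
        1, 0,                            # sequence and acknowledgement numbers
        (data_offset_words & 0xF) << 4,  # Data Offset plus reserved bits
        0x02,                            # flags: SYN
        8192, 0, 0,                      # window, checksum (not computed), urgent
    )
    return fixed + options + payload


if __name__ == "__main__":
    samples = {
        "plain 20-byte header": build_segment(5),
        "header with MSS option": build_segment(6, bytes.fromhex("020405b4")),
        "claims 60 bytes, sends 20": build_segment(15),
        "claims 12 bytes": build_segment(3),
        "10-byte fragment": b"\x00" * 10,
    }
    for name, seg in samples.items():
        print(f"{name:28} pktlen={len(seg):2} -> {check_tcp_header(seg)}")
```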