|Check Point Reference:||SBP-2008-19|
|Date Published:||15 Aug 2008|
|Last Updated:||Sunday 14 March, 2010|
|Source:||IPS Research Center|
|Protection Provided by:|
|Who is Vulnerable?||Computers and Networks|
|Vulnerability Description||The Packet Sanity protection performs several Layer 3 and Layer 4 sanity checks. These include verifying packet size, UDP and TCP header lengths, dropping IP options and verifying the TCP flags.
Numerous types of attacks may be hidden in fragmented packets.
|Vulnerability Details||Even if Packet Sanity is Inactive or Detect Only, the following sanity verifications are still enforced and, when applicable, these packets are dropped and the event is logged: