- The F-Secure Client Security reports that a suspiciously small datagram fragment has been blocked
- How to get rid of the warning if it is a false positive?
By default the F-Secure Firewall drops packet fragments which are below 128 bytes. In practice a packet with a size below 128 bytes are normally considered inefficient (ratio data/data+headers).
If packets with a size below 128 bytes appear on a network, they could be related to a DDoS attack or they might also be a sign of a broken or wrongly configured router or device in the network, for example a printer.
Try to investigate what is sending that packet.
To get rid of the alert, you can change what the F-Secure firewall considers as the minimum size for a fragment.
In Policy Manager, this setting has to be changed by using the Advanced view. Follow these steps:
- Log into Policy Manager Console
- Select the host or domain from the Domain tree
- Go to the Settings tab and select the Advanced view
- Navigate to F-Secure Internet Shield > Settings > Firewall Engine > Minimum fragment size
- Set the Minimum Fragment Size to 0
- Distribute the policy to the hosts
Article no: 000001900