Why do I receive the alert that a suspiciously small data fragment has been blocked on Client Securi
- The F-Secure Client Security reports that a suspiciously small datagram fragment has been blocked
- How to get rid of the warning if it is a false positive?
This type of alert might be related to a DDoS attack. If such alerts appear on a network, they might also be a sign of a broken or wrongly configured router or other device in the network, for example a printer.
Investigate the issue at the network level before applying the modification below. In practice, packets with a size below 128 bytes are normally considered inefficient (ratio of data to data plus headers).
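For the network-level investigation, the sketch below counts small non-final IPv4 fragments per source address, so that a misbehaving router or printer stands out. It is an added example, not F-Secure code. The 128-byte threshold (applied to the fragment payload), the function names and the sample packets are assumptions made for illustration, and the input is assumed to be raw IPv4 packets with the link-layer header already removed.

```python
import socket
import struct
from collections import Counter

# Assumption: threshold taken from the 128-byte rule of thumb above,
# not from F-Secure's default "Minimum fragment size".
MIN_FRAGMENT_SIZE = 128

def parse_ipv4(packet):
    """Return (src, more_fragments, offset_bytes, payload_len), or None if not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_off = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl:
        return None
    more = bool(flags_off & 0x2000)      # MF (more fragments) flag
    offset = (flags_off & 0x1FFF) * 8    # fragment offset in bytes
    return socket.inet_ntoa(packet[12:16]), more, offset, total_len - ihl

def small_fragments(packets, min_size=MIN_FRAGMENT_SIZE):
    """Count, per source address, non-final fragments with payload below min_size."""
    hits = Counter()
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed is None:
            continue
        src, more, _offset, payload_len = parsed
        # Only MF=1 fragments count: the last fragment of a datagram
        # (MF=0, offset > 0) can be small for legitimate reasons.
        if more and payload_len < min_size:
            hits[src] += 1
    return hits

def build_packet(src, total_len, more, offset_units):
    """Constructed sample: 20-byte IPv4 header (UDP, checksum 0) plus zero padding."""
    flags_off = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags_off, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton("192.0.2.1"))
    return header + bytes(total_len - 20)

# Constructed traffic using documentation address ranges.
SAMPLE = [
    build_packet("198.51.100.7", 28, True, 0),   # 8-byte non-final fragment
    build_packet("198.51.100.7", 28, True, 1),   # 8-byte non-final fragment
    build_packet("198.51.100.7", 44, False, 2),  # small final fragment, ignored
    build_packet("192.0.2.50", 1500, True, 0),   # full-size fragment
    build_packet("192.0.2.9", 60, False, 0),     # unfragmented packet
]

if __name__ == "__main__":
    for src, count in small_fragments(SAMPLE).most_common():
        print(f"{src}: {count} fragment(s) below {MIN_FRAGMENT_SIZE} bytes")
```

A single source that accounts for nearly all hits points to one device to check; hits spread over many unrelated sources fit the DDoS case better.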
To get rid of the alert, you can change what the F-Secure firewall considers as the minimum size for a fragment.
In Policy Manager, this setting has to be changed by using the Advanced view. Follow these steps:
- Log in to Policy Manager Console.
- Select the host or domain from the Domain tree.
- Go to the Settings tab and select the Advanced view.
- Navigate to F-Secure Internet Shield > Settings > Firewall Engine > Minimum fragment size.
- Set the Minimum Fragment Size to 0.
- Distribute the policy to the hosts.
Article no: 000001900