An attack on just a confused device on the LAN?
What do you think about this FSCS Internet Shield pop-up warning screenshot?
My theory is, it's not a "too short datagram" hacker attack, but maybe somebody brought a new device into the school's network, which is unable to obtain an IP address from DHCP, so it gave itself an IPv6 SLAAC address (FE80:...) and is sending Simple Service Discovery Protocol multicast announcements to the Link-local sphere (target address "FF02::C") for whatever reasons.
On the other hand, this kind of traffic apparently has something to do with UPnP, so I'm a bit worried.
I think the customer could tick the box for "No longer show alert" as seen in the local UI screenshot and have the event blocked silently.
Is it a good idea to reduce the "block IP fragments shorter than" value from the default value of 128 or even enter 0 to turn it off? It was only ever necessary some years ago with GSM (mobile network) based net access, as far as I remember.
Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.
Screenshot of local GUI