Why do I receive the alert that a suspiciously small data fragment has been blocked on Client Security?

Issue:

  • The F-Secure Client Security reports that a suspiciously small datagram fragment has been blocked
  • How to get rid of the warning if it is a false positive? 

Resolution:

This type of alerts might be related to a DDoS attack. If they appear on a network, they might also be a sign of a broken or wrongly configured router or device in the network, for example a printer. 

Proceed to investigate the issue on a network level before applying the modification below. In practice packet with a size below 128 bytes are normally considered inefficient (ratio data/data+headers).

To get rid of the alert, you can change what the F-Secure firewall considers as the minimum size for a fragment. 

In Policy Manager, this setting has to be changed by using the Advanced view. Follow these steps:
 

  1. Log into Policy Manager Console.
  2. Select the host or domain from the Domain tree.
  3. Go to the Settings tab and select the Advanced view.
  4. Navigate to F-Secure Internet Shield > Settings > Firewall Engine > Minimum fragment size.
  5. Set the Minimum Fragment Size to 0.
  6. Distribute the policy to the hosts.

Article no: 000001900

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
2 of 2
Last update:
‎09-10-2019 01:10 PM
Updated by: