First post… new user. Using NetFlow here, and seeing 2 log alerts:
blocked by protocol analysis - fragmented IP packet
fake or malformed UDP packet
(UDP packet length and size on wire don't match) … probably because it's fragmented.
Now, I can turn off protocol analysis and block fragmented IP datagrams, but I'd rather not do this.
Is there any customization I'm missing where you can change the specific protocol analysis if it is coming from a specific IP? (It's not an application monitoring issue.) Cisco uses fragmentation for NetFlow, so it's a performance issue.
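The "length and size on wire don't match" alert is exactly what a stateless check sees on the first fragment of a large UDP export: the UDP length field describes the whole datagram, but the fragment carries only part of it. The following Python (an added illustration, not code from this forum or any firewall vendor) builds a UDP datagram with a constructed 2000-byte NetFlow-sized payload on the assumed port 2055, fragments it for a 1500-byte MTU, and shows the mismatch disappears once fragments are reassembled.

```python
import struct

IPV4_HEADER_LEN = 20   # minimal IPv4 header, no options
UDP_HEADER_LEN = 8

def udp_datagram(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a UDP header + payload. The length field counts the WHOLE datagram.
    Checksum is left as 0 (permitted for IPv4 UDP); this is a simplification."""
    length = UDP_HEADER_LEN + len(payload)
    return struct.pack("!HHHH", src_port, dst_port, length, 0) + payload

def fragment(datagram: bytes, mtu: int = 1500) -> list:
    """Split an IP payload into IPv4 fragments. Every fragment except the last
    carries a multiple of 8 bytes; 'offset' is in 8-byte units as on the wire."""
    chunk = (mtu - IPV4_HEADER_LEN) // 8 * 8          # 1480 bytes for MTU 1500
    frags = []
    for start in range(0, len(datagram), chunk):
        data = datagram[start:start + chunk]
        frags.append({"offset": start // 8,
                      "more": start + chunk < len(datagram),
                      "data": data})
    return frags

def udp_length_check(frag: dict) -> tuple:
    """Return (udp_length_field, bytes_on_wire, mismatch) for a first fragment.
    Only the first fragment carries the UDP header, so later fragments cannot
    be checked this way at all."""
    if frag["offset"] != 0:
        raise ValueError("UDP header is only present in the first fragment")
    udp_len = struct.unpack("!H", frag["data"][4:6])[0]
    wire_len = len(frag["data"])
    return udp_len, wire_len, udp_len != wire_len

def reassemble(frags: list) -> bytes:
    """Reassemble fragments by offset (no overlap/gap handling: illustration only)."""
    return b"".join(f["data"] for f in sorted(frags, key=lambda f: f["offset"]))

if __name__ == "__main__":
    export = bytes(2000)                          # constructed, NetFlow-sized payload
    frags = fragment(udp_datagram(2055, 2055, export))
    print("first fragment:", udp_length_check(frags[0]))                      # (2008, 1480, True)
    whole = {"offset": 0, "data": reassemble(frags)}
    print("after reassembly:", udp_length_check(whole))                       # (2008, 2008, False)
```

A stateless "protocol analysis" that inspects each packet on its own will flag the first fragment every time; only an inspector that reassembles before checking sees the lengths agree.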