SENSOR: Re-assembly Buffer Memory Exhausted (alert in the Alert Viewer)
Last Modified: 2024-01-23 13:26:05 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
SENSOR: Re-assembly Buffer Memory Exhausted (alert in the Alert Viewer)
Technical Articles ID:
KB50406
Last Modified: 2024-01-23 13:26:05 Etc/GMT EnvironmentTrellix Intrusion Prevention System (Trellix IPS)
ProblemYou see the following alert in the Alert Viewer:
Even if the attack is disabled in the Sensor policy, the alert is still generated and appears in the Alert Viewer. CauseYou can't disable the alert. This behavior is expected. The alert indicates system resource exhaustion, which isn't an actual attack. But, an IDS evasion attempt by attackers can cause it.
SolutionTechnical Support recommends that you investigate the reason why there are so many orphaned IP fragments occurring in the network that can't be reassembled successfully (for example, not all fragments of an IP packet arrive).
To investigate the source of the issue:
Previous Document ID (Secured)
612467
Affected ProductsLanguages:This article is available in the following languages: |
|