What was the time period between these events? Are these isolated or are they part of a large number of events? Are you seeing any ICMP or scan activity after these events from any IP?

If they are a minute or so apart, isolated and with scans or ICMP events subsequent then this looks a lot like some little kiddie "playing" with tools. He's probably been out and d/led a couple and has picked an IP or a block at random and you were IT.

If this is the case I wouldn't worry too much. Furthermore if your firewall is set to drop all unrequested incoming packets these attacks can't work since the purpose is to overflow the buffers when the fragments are being reassembled. That should take place after the firewall - well any real firewall - hence if they never get past the firewall they can never do any harm. As Dr. Toker pointed out these kind of attacks usually don't have a high rate of packet transmission because a) they don't need it, and b) it may cause the attack to be detected by systems designed to stop or report it so you are unlikely to suffer a denial of service due to bandwidth being reduced.