
Blocking Packets with FIN Flag/No ACK Flag Set

A TCP header with the FIN flag set but not the ACK flag is anomalous TCP behavior, and the recipient's response varies by operating system. Blocking packets that have the FIN flag set without the ACK flag helps prevent operating system probes.

Before You Begin

For background information, read Understanding Operating System Probes.

To block packets with the FIN flag set but not the ACK flag, use either the J-Web or JUNOS CLI configuration editor.

user@host# set security screen ids-option <screen> tcp fin-no-ack
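
The flag condition described on this page, written out as an added Python example (not Juniper's implementation and not part of the original documentation): it parses an IPv4/TCP header and reports whether FIN is set while ACK is clear. The function names and the sample packets are constructed for illustration.

```python
import struct

FIN, ACK = 0x01, 0x10  # TCP flag bits in byte 13 of the TCP header


def fin_no_ack(packet: bytes) -> bool:
    """Return True if an IPv4/TCP packet has FIN set and ACK clear."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                       # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6:         # protocol 6 = TCP
        return False
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                       # later fragment: no TCP header here
    tcp = packet[ihl:]
    if len(tcp) < 14:
        return False                       # truncated before the flags byte
    flags = tcp[13]
    return bool(flags & FIN) and not flags & ACK


def build_packet(flags: int) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp


# Constructed flag combinations, not captured traffic.
SAMPLES = {
    "FIN": 0x01,          # FIN without ACK: anomalous
    "FIN+ACK": 0x11,      # normal connection teardown
    "FIN+PSH+URG": 0x29,  # FIN set, ACK still clear
    "SYN": 0x02,          # normal connection open
}


def classify_samples() -> dict:
    """Map each sample name to True when the packet matches FIN/no-ACK."""
    return {name: fin_no_ack(build_packet(f)) for name, f in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:12s} {'match' if hit else 'pass'}")
```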
