[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Blocking Packets with SYN and FIN Flags Set

A TCP header with the SYN and FIN flags set is anomalous TCP behavior, causing various responses from the recipient, depending on the OS. Blocking packets with SYN and FIN flags helps prevent OS system probes.

Before You Begin

For background information, read Understanding Operating System Probes.

To block packets with both the SYN and FIN flags set, use the JUNOS CLI configuration editor.

user@host# set security screen syn-fin tcp syn-fin
user@host# set security zones security-zone zone screen syn-fin
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]