A TCP segment with no control flags set is an anomalous event, and the recipient's response varies depending on its operating system (OS). Blocking packets with no flags set helps prevent OS probes. When you enable the device to detect TCP segment headers with no flags set, the device drops all TCP packets with a missing or malformed flags field.
Before You Begin |
---|
For background information, read Understanding Operating System Probes. |
You can use either J-Web or the CLI configuration editor to block packets with no flags set.
This topic covers:
To configure screens:
To configure zones:
- user@host# set security screen ids-option tcp-no-flag tcp tcp-no-flag
- user@host# set security zones security-zone zone screen tcp-no-flag
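To see what a no-flags segment looks like on the wire, the following Python is an added example, not Juniper code or part of the original topic. It parses a raw IPv4 packet and reports whether the TCP flags field is empty or unreadable. The function names, result labels, the choice of the six classic control bits as the mask, and the sample packets are assumptions made for illustration.

```python
import struct

# Assumption: "no flags" means URG, ACK, PSH, RST, SYN and FIN are all clear.
TCP_FLAG_MASK = 0x3F

def classify_ipv4_packet(pkt: bytes) -> str:
    """Return 'not-ipv4', 'not-tcp', 'fragment', 'malformed', 'no-flags' or 'ok'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if pkt[9] != 6:                        # protocol field, 6 = TCP
        return "not-tcp"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "fragment"                  # non-first fragment carries no TCP header
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return "malformed"                 # fixed TCP header (and flags byte) incomplete
    if (tcp[12] >> 4) * 4 < 20:
        return "malformed"                 # data offset smaller than the fixed header
    return "no-flags" if tcp[13] & TCP_FLAG_MASK == 0 else "ok"

def build_packet(flags: int, tcp_len: int = 20, proto: int = 6, frag: int = 0) -> bytes:
    """Constructed sample packet: IPv4 header without options plus a TCP header.
    Checksums are left at zero because the classifier does not verify them."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    tcp = tcp[:tcp_len]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp

if __name__ == "__main__":
    samples = {
        "SYN": build_packet(0x02),
        "no flags": build_packet(0x00),
        "truncated TCP header": build_packet(0x02, tcp_len=12),
        "UDP": build_packet(0x00, proto=17),
    }
    for name, pkt in samples.items():
        print(f"{name:22s} -> {classify_ipv4_packet(pkt)}")
```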