
Blocking Packets with FIN Flag/No ACK Flag Set

A TCP header with the FIN flag set but not the ACK flag is anomalous TCP behavior. Recipients respond to it in different ways depending on the OS, so the response can reveal which operating system is running. Blocking packets that have the FIN flag set without the ACK flag helps prevent operating system probes.
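The flag test described above can be sketched as follows. This is an added example, not Juniper's implementation: the function names and the sample packets are constructed for illustration, and the code assumes raw IPv4 packets.

```python
import struct

FIN, ACK = 0x01, 0x10  # bit positions in the TCP flags byte

def tcp_flags(packet: bytes):
    """Return the TCP flags byte of a raw IPv4 packet, or None if unreadable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag_offset != 0:
        return None                      # bad IHL, not TCP, or a later fragment
    if len(packet) < ihl + 14:
        return None                      # truncated before the flags byte
    return packet[ihl + 13]

def fin_no_ack(packet: bytes) -> bool:
    """True when FIN is set and ACK is clear, whatever other flags are present."""
    flags = tcp_flags(packet)
    return flags is not None and (flags & FIN) != 0 and (flags & ACK) == 0

def build(flags: int, proto: int = 6, frag: int = 0) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

# Constructed test traffic, labelled by what each packet represents.
SAMPLES = {
    "FIN only":            build(0x01),
    "FIN+ACK (normal)":    build(0x11),
    "ACK only":            build(0x10),
    "FIN+PSH+URG, no ACK": build(0x29),
    "non-TCP protocol":    build(0x01, proto=17),
    "later fragment":      build(0x01, frag=5),
    "truncated header":    build(0x01)[:30],
}

def classify(samples=SAMPLES):
    """Map each sample name to 'block' or 'pass'."""
    return {name: "block" if fin_no_ack(pkt) else "pass"
            for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{verdict:5}  {name}")
```

A FIN sent during a normal connection close also carries ACK, which is why the check does not affect ordinary teardown.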

Before You Begin

For background information, read Understanding Operating System Probes.

You can use either J-Web or the CLI configuration editor to block packets with the FIN flag set but not the ACK flag.

This topic covers:

  - J-Web Configuration
  - CLI Configuration

J-Web Configuration

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Screen, click Configure.
  4. Next to Ids option, click Add new entry.
  5. In the Name box, type screen.
  6. Next to Tcp, click Configure.
  7. Next to Fin no ack, select the check box and click OK.
  8. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security screen ids-option <screen> tcp fin-no-ack
