
Blocking Packets with No Flags Set

A TCP segment with no control flags set is an anomalous event, and the recipient's response to it varies depending on the operating system. Blocking packets with no flags set helps prevent operating system probes. When you enable the device to detect TCP segment headers with no flags set, the device drops all TCP packets with a missing or malformed flags field.

Before You Begin

For background information, read Understanding Operating System Probes.

To block packets with no flags set, use either the J-Web or JUNOS CLI configuration editor.

user@host# set security screen tcp-no-flag tcp tcp-no-flag
user@host# set security zones security-zone zone screen tcp-no-flag
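
The condition this screen matches can be shown on raw packet bytes. The following Python sketch is an added example, not Juniper code; the function names, the constructed sample packets, the six-bit flag mask, and the choice to treat a truncated TCP header as a missing flags field are assumptions made for illustration.

```python
import struct

TCP_PROTO = 6
# Assumption: only the six classic control bits (URG ACK PSH RST SYN FIN) count.
FLAG_MASK = 0x3F

def classify_ipv4_packet(pkt: bytes) -> str:
    """Return 'drop' for a TCP segment with no flags (or no readable flags
    byte), 'pass' for other TCP traffic, 'not-tcp' for everything else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-tcp"
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl or pkt[9] != TCP_PROTO:
        return "not-tcp"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return "pass"                      # later fragment: no TCP header here
    tcp = pkt[ihl:]
    if len(tcp) < 14:
        return "drop"                      # flags byte (offset 13) is missing
    return "drop" if tcp[13] & FLAG_MASK == 0 else "pass"

def build_packet(flags: int, tcp_len: int = 20) -> bytes:
    """Constructed IPv4+TCP sample (documentation addresses, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0, 64,
                     TCP_PROTO, 0, bytes([192, 0, 2, 1]),
                     bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags,
                      1024, 0, 0)
    return ip + tcp[:tcp_len]              # tcp_len < 20 simulates truncation

if __name__ == "__main__":
    samples = {
        "no flags": build_packet(0x00),
        "SYN": build_packet(0x02),
        "ACK+PSH": build_packet(0x18),
        "truncated header": build_packet(0x00, tcp_len=12),
    }
    for name, pkt in samples.items():
        print(f"{name:18s} -> {classify_ipv4_packet(pkt)}")
```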
