fin-no-ack (IDS Screen Next Gen Services)
Statement introduced in Junos OS Release 19.3R2 on MX Series routers (MX240, MX480 and MX960) running Next Gen Services with the MX-SPC3 services card.
Identify and drop any packet with a FIN flag set and without the ACK flag set. The TPC FIN No Ack attack can allow the attacker to identify the operating system of the target or to identify open ports on the target.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.