
Understanding SYN Fragment Protection

A TCP connection is initiated by a SYN segment carried in an IP packet. Because the purpose of that packet is only to open a connection and elicit a SYN/ACK segment in response, the SYN segment normally carries no data; it consists of the TCP header plus, at most, a few TCP options. The packet is therefore small, well under the MTU of any path, and there is no legitimate reason for it to be fragmented.

Before You Begin

For background information, read Suspicious Packet Attributes Overview.

A fragmented SYN packet is therefore anomalous and should be treated as suspect. The cautious policy is to block such packets before they enter the protected network. See Figure 42.

Figure 42: SYN Fragments


When you enable the SYN fragment detection SCREEN option, JUNOS software flags any packet whose IP header indicates fragmentation (the More Fragments flag set, or a nonzero fragment offset) and whose TCP header has the SYN flag set. Note that only the first fragment of a datagram (fragment offset 0) carries the TCP header, so the SYN flag can be read only there; later fragments contain only payload. JUNOS software records each detection in the SCREEN counters list for the ingress interface.
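The detection condition described above, expressed as an added example that is not JUNOS code: a stateless check that reads the IPv4 fragment flag and offset and the TCP SYN flag from a raw packet, run over a handful of packets constructed inline for illustration. The packet builders, sample addresses and ports are all assumptions made for the example; the rule itself (fragmented IP header plus SYN flag set) is the one the text states.

```python
import struct
from dataclasses import dataclass

IP_MF = 0x1        # "More Fragments" bit in the IPv4 flags field
TCP_SYN = 0x02     # SYN bit in the TCP flags byte (byte 13 of the TCP header)
PROTO_TCP = 6
PROTO_UDP = 17


@dataclass
class Verdict:
    fragmented: bool   # MF set or nonzero fragment offset
    syn_seen: bool     # TCP header present, long enough, and SYN set
    alarm: bool        # the SCREEN condition: fragmented AND SYN


def check_syn_fragment(pkt: bytes) -> Verdict:
    """Apply the SYN-fragment condition to one raw IPv4 packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, flags_off, _ttl, proto, _ck, _src, _dst = \
        struct.unpack("!BBHHHBBHII", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header")
    mf = bool((flags_off >> 13) & IP_MF)
    offset = (flags_off & 0x1FFF) * 8     # fragment offset is in 8-byte units
    fragmented = mf or offset != 0
    if proto != PROTO_TCP:
        return Verdict(fragmented, False, False)
    # Only the first fragment (offset 0) carries the TCP header, and the flags
    # byte is readable only if that fragment is at least 14 bytes into TCP.
    syn = False
    if offset == 0 and len(pkt) >= ihl + 14:
        syn = bool(pkt[ihl + 13] & TCP_SYN)
    return Verdict(fragmented, syn, fragmented and syn)


def syn_fragment_count(packets) -> int:
    """Mimic the per-interface SCREEN counter: number of packets flagged."""
    return sum(1 for p in packets if check_syn_fragment(p).alarm)


# --- constructed sample packets (addresses/ports are arbitrary) -------------

def build_ipv4(proto: int, payload: bytes, mf: bool = False, offset: int = 0) -> bytes:
    flags_off = ((IP_MF if mf else 0) << 13) | ((offset // 8) & 0x1FFF)
    hdr = struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_off, 64, proto, 0, 0x0A000001, 0x0A000002)
    return hdr + payload


def build_tcp(flags: int) -> bytes:
    # Minimal 20-byte TCP header: sport, dport, seq, ack, data offset, flags,
    # window, checksum (zero for the example), urgent pointer.
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0)


SAMPLES = {
    "normal_syn":     build_ipv4(PROTO_TCP, build_tcp(TCP_SYN)),                 # legitimate
    "syn_first_frag": build_ipv4(PROTO_TCP, build_tcp(TCP_SYN), mf=True),        # flagged
    "syn_later_frag": build_ipv4(PROTO_TCP, b"\x00" * 8, offset=8),             # no TCP header
    "ack_first_frag": build_ipv4(PROTO_TCP, build_tcp(0x10), mf=True),          # fragment, no SYN
    "udp_first_frag": build_ipv4(PROTO_UDP, b"\x00" * 8, mf=True),              # not TCP
    "tiny_syn_frag":  build_ipv4(PROTO_TCP, build_tcp(TCP_SYN)[:8], mf=True),   # flags byte absent
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15s} {check_syn_fragment(pkt)}")
    print("syn-frag counter:", syn_fragment_count(SAMPLES.values()))
```

Two of the constructed cases show the limit of a purely stateless check: a non-first fragment carries no TCP header at all, and a first fragment shorter than 14 bytes of TCP does not contain the flags byte, so neither can be matched against the SYN flag on its own. Only the first fragment of a SYN (MF set, offset 0, flags readable) trips the counter here, which is exactly the packet the text describes.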

Related Topics

