
Configuring the Router to Drop Packets with the SYN and FIN Bits Set

By default, the router accepts packets that have both the SYN and FIN bits set in the TCP flags field. Accepting such packets can result in security vulnerabilities, such as denial-of-service attacks. To configure the router to drop packets with both the SYN and FIN bits set, include the tcp-drop-synfin-set statement at the [edit system internet-options] hierarchy level:

[edit system internet-options]
tcp-drop-synfin-set;
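
To make concrete which packets have both bits set, the following added example (not Juniper code) reads the TCP flags byte from a raw IPv4 packet and reports whether SYN and FIN are both present, for instance when reviewing captured traffic. The function names and sample packets are constructed for illustration; the code handles IPv4 only and does not verify checksums.

```python
import struct

FIN, SYN = 0x01, 0x02  # bit positions in the TCP flags byte


def tcp_flags(ip_packet: bytes):
    """Return the TCP flags byte, or None if no TCP header is readable."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                          # too short or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(ip_packet) < ihl + 14:
        return None                          # malformed or truncated
    frag_offset = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if ip_packet[9] != 6 or frag_offset != 0:
        return None                          # not TCP, or a later fragment
    return ip_packet[ihl + 13]               # flags are byte 13 of the TCP header


def is_syn_fin(ip_packet: bytes) -> bool:
    """True when both SYN and FIN are set, whatever other flags are present."""
    flags = tcp_flags(ip_packet)
    return flags is not None and (flags & (SYN | FIN)) == (SYN | FIN)


def build_packet(flags: int, proto: int = 6, options: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, documentation addresses."""
    ihl = 5 + len(options) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(tcp),
                     0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + options + tcp


if __name__ == "__main__":
    samples = {
        "SYN": build_packet(0x02),
        "SYN+FIN": build_packet(0x03),
        "FIN+ACK": build_packet(0x11),
        "SYN+FIN+PSH+URG": build_packet(0x2B),
        "SYN+FIN after IP options": build_packet(0x03, options=b"\x01" * 4),
    }
    for name, pkt in samples.items():
        print(f"{name:26} SYN and FIN both set: {is_syn_fin(pkt)}")
```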
