Configuring TCP fin-no-ack Attack Screen
This topic describes how to configure detection of a TCP fin-no-ack attack. A TCP header with the FIN flag set but not
the ACK flag is anomalous TCP behavior.
Configure the security screen option and attach it to the untrustZone as follows:
[edit]
user@host# set security screen ids-option untrustScreen tcp fin-no-ack
user@host# set security zones security-zone untrustZone screen untrustScreen
user@host# set security screen ids-option untrustScreen alarm-without-drop
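The condition described above (FIN set, ACK clear) can be checked directly against raw TCP header bytes. The following Python sketch is an added example, not Juniper code; the function names, ports and sample headers are constructed for illustration.

```python
import struct

FIN, ACK = 0x01, 0x10  # TCP flag bits (RFC 9293)

def tcp_flags(header: bytes) -> int:
    """Return the eight flag bits (CWR..FIN) of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    # Bytes 12-13 hold the data offset (top 4 bits) and the flags (low bits).
    (offset_flags,) = struct.unpack_from("!H", header, 12)
    if (offset_flags >> 12) * 4 < 20:
        raise ValueError("data offset below minimum header length")
    return offset_flags & 0xFF

def is_fin_no_ack(header: bytes) -> bool:
    """True when FIN is set and ACK is clear."""
    flags = tcp_flags(header)
    return bool(flags & FIN) and not (flags & ACK)

def make_header(flags: int) -> bytes:
    """Constructed 20-byte TCP header with placeholder ports and numbers."""
    return struct.pack("!HHIIHHHH", 40000, 443, 1000, 2000,
                       (5 << 12) | flags, 65535, 0, 0)

def scan(samples: dict) -> dict:
    """Classify each sample as 'anomalous', 'ok' or 'malformed'."""
    result = {}
    for name, header in samples.items():
        try:
            result[name] = "anomalous" if is_fin_no_ack(header) else "ok"
        except ValueError:
            result[name] = "malformed"
    return result

# Constructed sample headers, not captured traffic.
SAMPLES = {
    "syn": make_header(0x02),
    "ack": make_header(0x10),
    "fin+ack (normal close)": make_header(0x11),
    "fin only": make_header(0x01),
    "fin+psh+urg": make_header(0x29),
    "truncated": make_header(0x01)[:13],
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:24} {verdict}")
```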