Configuring tcp-no-flag Attack Screen
This topic describes how to configure detection of a tcp-no-flag attack.
A TCP segment with no control flags set (no SYN, ACK, FIN, RST, PSH, or URG) is anomalous: a conforming stack never sends one, and recipients respond to it in different ways, which is why such "null" segments are used for port scanning and OS fingerprinting. When the tcp-no-flag screen option is enabled, the device inspects TCP headers arriving in the zone to which the screen is attached, detects segments with no flags set, and drops all TCP packets whose flag field is missing or malformed.
Configure the screen option, attach it to the untrustZone, and then commit the configuration:

[edit]
user@host# set security screen ids-option untrustScreen tcp tcp-no-flag
user@host# set security zones security-zone untrustZone screen untrustScreen
user@host# set security screen ids-option untrustScreen alarm-without-drop

The third statement, alarm-without-drop, changes the screen's behavior from drop to alarm-only: matching segments are logged and counted but forwarded. Omit that statement when the device should actually drop flagless segments rather than only report them.
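To make the screen's decision concrete, the following added example (written for this page, not Juniper code and not how the SRX implements the check internally) parses raw TCP headers the way the screen does and returns the action the two configurations above would take. It assumes that a "missing" flag field means a segment truncated before the flags byte, and the sample segments are constructed inline, not captured from a device.

```python
import struct

# TCP flag bits as they appear in the low 9 bits of header bytes 12-13.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR, NS = (1 << i for i in range(9))

TCP_MIN_HEADER = 20  # bytes; the flag bits sit in bytes 12-13


def tcp_flags(segment: bytes):
    """Return the 9-bit flag field of a raw TCP header.

    Returns None when the header is truncated before the flag bytes, which is
    the 'missing flag field' case (an assumption for this example).
    """
    if len(segment) < TCP_MIN_HEADER:
        return None
    # Bytes 12-13: 4-bit data offset, 3 reserved bits, 9 flag bits.
    offset_flags = struct.unpack("!H", segment[12:14])[0]
    return offset_flags & 0x01FF


def screen_tcp_no_flag(segment: bytes, alarm_without_drop: bool = False) -> str:
    """Model the tcp-no-flag screen decision for one segment.

    'drop'  - screen enabled, flags absent or all zero
    'alarm' - same condition, but alarm-without-drop is configured
    'pass'  - at least one flag set
    """
    flags = tcp_flags(segment)
    if flags is None or flags == 0:
        return "alarm" if alarm_without_drop else "drop"
    return "pass"


def build_tcp_header(sport: int, dport: int, flags: int,
                     seq: int = 0, ack: int = 0, window: int = 65535) -> bytes:
    """Build a 20-byte TCP header with no options (checksum left as zero;
    these bytes are only classified, never sent)."""
    data_offset = 5  # header length in 32-bit words
    offset_flags = (data_offset << 12) | (flags & 0x01FF)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, window, 0, 0)


# Constructed sample segments: a normal handshake start, an established-session
# segment, a null segment as a null scan would send, and a truncated header.
SAMPLES = {
    "syn": build_tcp_header(40000, 443, SYN),
    "psh_ack": build_tcp_header(40000, 443, PSH | ACK, seq=1, ack=1),
    "no_flag": build_tcp_header(40000, 443, 0),
    "truncated": build_tcp_header(40000, 443, SYN)[:10],
}


def classify_samples(alarm_without_drop: bool = False) -> dict:
    """Return {sample name: action} for every constructed segment."""
    return {name: screen_tcp_no_flag(seg, alarm_without_drop)
            for name, seg in SAMPLES.items()}


if __name__ == "__main__":
    for mode in (False, True):
        label = "alarm-without-drop" if mode else "drop"
        print(f"screen mode: {label}")
        for name, action in classify_samples(mode).items():
            print(f"  {name:10s} -> {action}")
```

Only the "no_flag" and "truncated" samples trigger the screen; with alarm-without-drop set they are reported instead of dropped, exactly the difference the third set statement above makes. The example checks only the flag field, as the screen does; it does not validate the data offset, checksum, or other header fields.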