Configuring TCP SYN-FIN Attack Screen
This topic describes how to configure detection of a TCP SYN-FIN attack.
A TCP segment whose header has both the SYN and FIN flags set is anomalous: SYN opens a connection and FIN closes one, so no legitimate TCP stack sends both in the same segment. Because operating systems respond to such a segment in different ways, attackers send it as an OS fingerprinting probe and read the reply. Dropping packets that carry both SYN and FIN defeats that probe.
Configure the screen option, attach it to the untrustZone, and set the screen to alarm-only mode as follows:
[edit]
user@host# set security screen ids-option untrustScreen tcp syn-fin
user@host# set security zones security-zone untrustZone screen untrustScreen
user@host# set security screen ids-option untrustScreen alarm-without-drop
The third statement, alarm-without-drop, makes the screen log matching packets without dropping them, which is useful while you confirm that the alarms are genuine. Omit that statement (or delete it with "delete security screen ids-option untrustScreen alarm-without-drop") when you want the device to actually drop SYN-FIN packets arriving in untrustZone.
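The following is an added example, not Juniper code and not the SRX screen implementation: a small Python model of the check the tcp syn-fin screen performs. It builds minimal 20-byte TCP headers (constructed test input), reads the flag bits at byte offset 12, and reports the verdict the screen would reach with and without alarm-without-drop. The function names and the "pass"/"alarm"/"drop" labels are this example's own.

```python
import struct

# TCP flag bits as they appear in the low 9 bits of the 16-bit word
# at byte offset 12 of the TCP header (data offset occupies the high nibble).
TCP_FIN = 0x01
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_PSH = 0x08
TCP_ACK = 0x10
TCP_URG = 0x20


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=65535):
    """Construct a minimal 20-byte TCP header (no options, zero checksum).

    Used only to fabricate test packets for this example.
    """
    data_offset_words = 5  # 20 bytes / 4
    offset_flags = (data_offset_words << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def tcp_flags(header):
    """Return the 9 flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    offset_flags, = struct.unpack("!H", header[12:14])
    return offset_flags & 0x1FF


def is_syn_fin(header):
    """True when SYN and FIN are both set, the anomaly the screen looks for."""
    flags = tcp_flags(header)
    return flags & (TCP_SYN | TCP_FIN) == (TCP_SYN | TCP_FIN)


def screen_syn_fin(header, alarm_without_drop=False):
    """Model the screen's decision for one packet.

    Returns "pass" for normal segments, "alarm" when the anomaly is seen but
    alarm-without-drop is configured (logged, forwarded), and "drop" otherwise.
    """
    if not is_syn_fin(header):
        return "pass"
    return "alarm" if alarm_without_drop else "drop"


def audit(packets, alarm_without_drop=False):
    """Run the check over (label, header) pairs and return label -> verdict."""
    return {label: screen_syn_fin(hdr, alarm_without_drop)
            for label, hdr in packets}


# Constructed sample traffic: one legitimate handshake opener, one normal
# close, and one SYN-FIN fingerprinting probe.
SAMPLE_PACKETS = [
    ("syn", build_tcp_header(40000, 80, TCP_SYN)),
    ("fin-ack", build_tcp_header(40000, 80, TCP_FIN | TCP_ACK, seq=10, ack=20)),
    ("syn-fin-probe", build_tcp_header(40001, 22, TCP_SYN | TCP_FIN)),
]

if __name__ == "__main__":
    for mode in (False, True):
        print("alarm-without-drop =", mode, audit(SAMPLE_PACKETS, mode))
```

Only the combination of both flags triggers the check; a lone FIN or a FIN with ACK is ordinary connection teardown and passes, which is why a practitioner should not expect this screen to catch FIN-only scans.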