TCP: Options Error MSS In Non-SYN Packet
This protocol anomaly triggers when a Maximum Segment Size (MSS) option is detected in a non-SYN packet. The MSS option should appear only in SYN packets. While abnormal, these packets are harmless.
Extended Description
Because maximum packet size negotiation occurs only at the beginning of a session, MSS options should never be observed in non-SYN packets. Detection of MSS options in non-SYN packets could indicate that a data transmission error has occurred, or that a malicious party is injecting malformed packets into a targeted network. The impact of such packets depends on the implementation of the TCP clients and servers that handle them.
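The check described above, as an added example (not the vendor's signature code): walk the TCP options of a raw header and flag an MSS option (kind 2) when the SYN flag is clear. Treating SYN-ACK as a SYN packet is an assumption of this example, and `build_header` is a hypothetical helper that constructs the sample headers.

```python
import struct

TCP_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2

def has_mss_option(tcp_header: bytes) -> bool:
    """Return True if the TCP options area contains an MSS option (kind 2)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("invalid data offset")
    opts = tcp_header[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                      # end of option list
            break
        if kind == OPT_NOP:                      # single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts): # would loop forever or overrun
            raise ValueError("invalid option length")
        if kind == OPT_MSS:
            return True
        i += length
    return False

def mss_in_non_syn(tcp_header: bytes) -> bool:
    """The anomaly condition: MSS option present while the SYN flag is clear."""
    present = has_mss_option(tcp_header)         # also validates the header
    return present and not (tcp_header[13] & TCP_SYN)

def build_header(flags: int, options: bytes = b"") -> bytes:
    # Hypothetical helper: constructed sample header, ports and seq are arbitrary.
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

if __name__ == "__main__":
    mss = b"\x02\x04\x05\xb4"                    # MSS = 1460
    for name, flags in (("SYN", 0x02), ("SYN-ACK", 0x12), ("ACK", 0x10)):
        print(name, mss_in_non_syn(build_header(flags, mss)))
```

A header whose options are malformed raises `ValueError` instead of returning a verdict, so a caller can report that as a separate anomaly.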
References
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3