TCP.Bad.Flags
Description
This indicates detection of a TCP packet with an abnormal flag setting.
TCP packets with the following bits set are considered part of the reconnaissance activities used by attackers to facilitate other attacks:
- Only FIN flag set
- None of the control bits set
- Both SYN and FIN flags set
- All of the control bits(ACK, FIN, PSH, RST, SYN, and URG) set (XMAX Scan)
- SYN, FIN, PSH and URG bits set (NMAP fingerprint)
- FIN, PSH, URG and both reserved bits set (NMAP XMAS)
Affected Products
Any unprotected system connected to the Internet is vulnerable to the attack.
Impact
Protocol Anomaly: Attackers can gain system information to prepare for further attacks.
Recommended Actions
This signature's action can be set to "Block" to protect against this threat.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |