What does the log “abnormal TCP flag attack detected” mean?
Zyxel Employee
Question: What does the log “abnormal TCP flag attack detected” mean?
Answer:
A log of "Abnormal TCP flag attack detected" means the firewall detects a potentially malicious network traffic pattern involving TCP flags, and drops these packets.
This issue occurs when the device receives packets with:
(1) ALL TCP flags bit are set at same time.
(2) SYN, FIN bits are set at same time.
(3) SYN, RST bits are set at same time.
(4) FIN, RST bits are set at same time. (usually occurs on the Mac OS)
(5) Only FIN bit is set.
(6) Only PSH bit is set.
(7) Only URG bit is set.
If you are sure these packets are safe, enter the following CLI commands to disable this detection
Router# configure terminal
Router(config)# secure-policy abnormal_tcp_flag_detect deactivate
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 916 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight