What does the log “abnormal TCP flag attack detected” mean?
Zyxel Employee
Question: What does the log “abnormal TCP flag attack detected” mean?
Answer:
A log of "Abnormal TCP flag attack detected" means the firewall detects a potentially malicious network traffic pattern involving TCP flags, and drops these packets.
This issue occurs when the device receives packets with:
(1) ALL TCP flags bit are set at same time.
(2) SYN, FIN bits are set at same time.
(3) SYN, RST bits are set at same time.
(4) FIN, RST bits are set at same time. (usually occurs on the Mac OS)
(5) Only FIN bit is set.
(6) Only PSH bit is set.
(7) Only URG bit is set.
If you are sure these packets are safe, enter the following CLI commands to disable this detection
Router# configure terminal
Router(config)# secure-policy abnormal_tcp_flag_detect deactivate
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 188 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 454 USG FLEX H Series
- 303 Security Ideas
- 1.6K Switch
- 81 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 278 Service & License
- 435 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight