What does the log “abnormal TCP flag attack detected” mean?
Zyxel Employee
Question: What does the log “abnormal TCP flag attack detected” mean?
Answer:
A log of "Abnormal TCP flag attack detected" means the firewall detects a potentially malicious network traffic pattern involving TCP flags, and drops these packets.
This issue occurs when the device receives packets with:
(1) ALL TCP flags bit are set at same time.
(2) SYN, FIN bits are set at same time.
(3) SYN, RST bits are set at same time.
(4) FIN, RST bits are set at same time. (usually occurs on the Mac OS)
(5) Only FIN bit is set.
(6) Only PSH bit is set.
(7) Only URG bit is set.
If you are sure these packets are safe, enter the following CLI commands to disable this detection
Router# configure terminal
Router(config)# secure-policy abnormal_tcp_flag_detect deactivate
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight