TCP.With.FIN.Flag.Only
Description
This indicates TCP packets with the FIN flag only ("TCP Headers With FIN Only"). Normally, TCP FIN packets also have the ACK flag to acknowledge the previous packet received.
"TCP FIN Without ACK" can be used to do FIN scan or evade detection.
Affected Products
Any Operating System may be affected.
Impact
Fingerprinting
Security Bypass
Recommended Actions
If required, this signature's action can be set to "Block" to drop such packets.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |