Amer Networks E5Web GUI User Manual

TCP SYN/RST

The TCP RST flag together with SYN; normally invalid (strip=strip RST).

Default: DropLog

TCP SYN/FIN

The TCP FIN flag together with SYN; normally invalid (strip=strip FIN).

Default: DropLog

TCP FIN/URG

Specifies how cOS Core will deal with TCP packets with both FIN (Finish, close connection) and
URG flags turned on. This should normally never occur, as it is not usually attempted to close a
connection at the same time as sending "important" data. This flag combination could be used to
crash poorly implemented TCP stacks and is also used by OS Fingerprinting.

Default: DropLog

TCP URG

Specifies how cOS Core will deal with TCP packets with the URG flag turned on, regardless of any
other flags. Many TCP stacks and applications deal with Urgent flags in the wrong way and can,
in the worst case scenario, cease working. Note however that some programs, such as FTP and
MS SQL Server, nearly always use the URG flag.

Default: StripLog

TCPE ECN

Specifies how cOS Core will deal with TCP packets with either the Xmas or Ymas flag turned on.
These flags are currently mostly used by OS Fingerprinting.

It should be noted that a developing standard called Explicit Congestion Notification also makes
use of these TCP flags, but as long as there are only a few operating systems supporting this
standard, the flags should be stripped.

Default: StripLog

TCP Reserved Field

Specifies how cOS Core will deal with information present in the "reserved field" in the TCP
header, which should normally be 0. This field is not the same as the Xmas and Ymas flags. Used
by OS Fingerprinting.

Default: DropLog

TCP NULL

Specifies how cOS Core will deal with TCP packets that do not have any of the SYN, ACK, FIN or
RST flags turned on. According to the TCP standard, such packets are illegal and are used by both
OS Fingerprinting and stealth port scanners, as some gateways are unable to detect them.

Chapter 12: Advanced Settings

727