Amer Networks E5Web GUI User Manual
Page 727

TCP SYN/RST
The TCP RST flag together with SYN; normally invalid (strip=strip RST).
Default: DropLog
TCP SYN/FIN
The TCP FIN flag together with SYN; normally invalid (strip=strip FIN).
Default: DropLog
TCP FIN/URG
Specifies how cOS Core will deal with TCP packets with both FIN (Finish, close connection) and
URG flags turned on. This should normally never occur, as it is not usually attempted to close a
connection at the same time as sending "important" data. This flag combination could be used to
crash poorly implemented TCP stacks and is also used by OS Fingerprinting.
Default: DropLog
TCP URG
Specifies how cOS Core will deal with TCP packets with the URG flag turned on, regardless of any
other flags. Many TCP stacks and applications deal with Urgent flags in the wrong way and can,
in the worst case scenario, cease working. Note however that some programs, such as FTP and
MS SQL Server, nearly always use the URG flag.
Default: StripLog
TCPE ECN
Specifies how cOS Core will deal with TCP packets with either the Xmas or Ymas flag turned on.
These flags are currently mostly used by OS Fingerprinting.
It should be noted that a developing standard called Explicit Congestion Notification also makes
use of these TCP flags, but as long as there are only a few operating systems supporting this
standard, the flags should be stripped.
Default: StripLog
TCP Reserved Field
Specifies how cOS Core will deal with information present in the "reserved field" in the TCP
header, which should normally be 0. This field is not the same as the Xmas and Ymas flags. Used
by OS Fingerprinting.
Default: DropLog
TCP NULL
Specifies how cOS Core will deal with TCP packets that do not have any of the SYN, ACK, FIN or
RST flags turned on. According to the TCP standard, such packets are illegal and are used by both
OS Fingerprinting and stealth port scanners, as some gateways are unable to detect them.
Chapter 12: Advanced Settings
727