TCP Headers with SYN and FIN Flags Set

The SYN and FIN control flags are not normally both set in the same TCP segment header.

The SYN flag synchronizes sequence numbers to initiate a TCP connection.

The FIN flag indicates the end of data transmission to finish a TCP connection.

Their purposes are mutually exclusive. A TCP header with both the SYN and FIN flags set is anomalous TCP behavior, and the recipient's response to it varies depending on the OS.


Figure 31: TCP Header with SYN and FIN Flags Set




An attacker can send a segment with both flags set to see what kind of system reply is returned and thereby determine what kind of OS is on the receiving end. The attacker can then use any known system vulnerabilities for further attacks.

When you enable this SCREEN option, JUNOS software checks if the SYN and FIN flags are set in TCP headers. If it discovers such a header, it drops the packet.
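
The check described above, sketched as an added Python example (not Juniper's code): it reads the control flags from a raw TCP header and returns a drop verdict when SYN and FIN are both set. The function names and the sample headers are constructed for illustration, and treating any segment with both bits set as a match regardless of other flags is an assumption.

```python
import struct

# Control flag bits in the TCP header (low six bits of bytes 12-13).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = ((URG, "URG"), (ACK, "ACK"), (PSH, "PSH"),
              (RST, "RST"), (SYN, "SYN"), (FIN, "FIN"))


def parse_tcp_flags(segment: bytes) -> int:
    """Return the six classic control flags from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # Bytes 12-13 hold the 4-bit data offset and the control flags.
    (off_flags,) = struct.unpack("!H", segment[12:14])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return off_flags & 0x3F


def flag_names(flags: int) -> str:
    """Render a flags value as text, e.g. 'SYN+FIN'."""
    return "+".join(name for bit, name in FLAG_NAMES if flags & bit) or "none"


def screen_verdict(segment: bytes) -> str:
    """Return 'drop' when SYN and FIN are both set, otherwise 'pass'."""
    flags = parse_tcp_flags(segment)
    both = SYN | FIN
    return "drop" if (flags & both) == both else "pass"


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a constructed 20-byte TCP header (checksum left as zero)."""
    off_flags = (5 << 12) | flags  # data offset of 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0, off_flags, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed sample segments: normal handshake/teardown flags vs. SYN+FIN.
    for flags in (SYN, SYN | ACK, FIN | ACK, SYN | FIN, SYN | FIN | ACK):
        seg = build_header(flags)
        print(f"{flag_names(parse_tcp_flags(seg)):12} -> {screen_verdict(seg)}")
```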