Hi,

I always had a tough time understanding attacks and remembering them. Maybe because I am mostly into labbing and seeing things, as I am not that bright in understanding theory.

I was reading through SRX SCREEN OPTIONS and was trying to test out various attacks.

ATTACK - TCP SYN-FIN
--------------------

Let's have a look at the TCP header:

[Figure: TCP_header_SYN-FIN]

The SYN flag is set to synchronize sequence numbers when initiating a TCP connection. The FIN flag is set to indicate that the sender has FINISHED sending data on a TCP connection. Logically, these two flags cannot coexist in the same segment, since a segment cannot both open and close a connection.

Let us define a quick screen to filter out these anomalies:

[Figure: wireshark_filter_application]

Below is how we define the screen options:

[Figure: screen_options]

WIRESHARK Analysis
------------------

[Figure: wireshark_capture]

Let us see what is captured on Junos:

[Figure: final screen alert]
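To make the anomaly concrete, here is an added Python example (not from the original post or from Juniper) that reads the flag byte of a raw TCP header and reports the SYN+FIN combination the screen is meant to catch; the sample segments are constructed inline for testing.

```python
import struct
from typing import Optional

# TCP flag bits carried in byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Return the flag byte of a raw TCP segment whose header starts at offset 0."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]

def is_syn_fin(flags: int) -> bool:
    """SYN and FIN set together: open and close a connection in the same segment."""
    return (flags & (SYN | FIN)) == (SYN | FIN)

def screen_verdict(segment: bytes) -> Optional[str]:
    """Mimic the SRX 'tcp syn-fin' screen: return the anomaly name or None."""
    # Equivalent Wireshark display filter: tcp.flags.syn == 1 && tcp.flags.fin == 1
    if is_syn_fin(tcp_flags(segment)):
        return "syn-fin"
    return None

def build_tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header (no options, zero checksum) for testing only."""
    data_offset = 5 << 4          # 5 x 32-bit words, upper nibble of byte 12
    seq, ack, window, checksum, urg_ptr = 0, 0, 65535, 0, 0
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, window, checksum, urg_ptr)

# Constructed sample segments: one anomalous, one normal handshake SYN.
SYN_FIN_SEGMENT = build_tcp_header(40000, 80, SYN | FIN)
NORMAL_SYN_SEGMENT = build_tcp_header(40000, 80, SYN)

if __name__ == "__main__":
    for name, seg in (("syn-fin", SYN_FIN_SEGMENT), ("normal", NORMAL_SYN_SEGMENT)):
        print(name, "->", screen_verdict(seg))
```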

Thank You

Rakesh Madupu
