Juniper ACX1000 Configuration Manual page 1080

ACX Series Universal Access Router Configuration Guide
1022
IP fragment overlap.
IP fragment missed.
IP fragment length error.
IP packet length is more than 64 kilobytes (KB).
Tiny fragment attack.
TCP anomalies:
TCP port 0.
TCP sequence number 0 and flags 0.
TCP sequence number 0 and FIN/PSH/RST flags set.
TCP flags with wrong combination (TCP FIN/RST or SYN/(URG|FIN|RST).
Bad TCP checksum.
UDP anomalies:
UDP source or destination port 0.
UDP header length check failed.
Bad UDP checksum.
Anomalies found through stateful TCP or UDP checks:
SYN followed by SYN-ACK packets without ACK from initiator.
SYN followed by RST packets.
SYN without SYN-ACK.
Non-SYN first flow packet.
ICMP unreachable errors for SYN packets.
ICMP unreachable errors for UDP packets.
Packets dropped according to stateful firewall rules.
NOTE: ACX500 routers do not support IP fragmentation anomalies.
If you employ stateful anomaly detection in conjunction with stateless detection, IDS
can provide early warning for a wide range of attacks, including these:
TCP or UDP network probes and port scanning
SYN flood attacks
IP fragmentation-based attacks such as teardrop, bonk, and boink
Copyright © 2017, Juniper Networks, Inc.