| Short Name | TCP:OPTERR:NONSYN-MSS |
|---|---|
| Severity | Info |
| Recommended | No |
| Category | TCP |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This protocol anomaly triggers when it detects a Maximum Segment Size (MSS) option in a non-SYN packet. The MSS option should appear only in SYN packets. While abnormal, these packets are harmless.

Because maximum packet size negotiation occurs only at the beginning of a session, MSS options should never be observed in non-SYN packets. Detection of MSS options in non-SYN packets could indicate that a data transmission error has occurred, or that a malicious party is injecting malformed packets into a targeted network. The impact of such packets depends on the implementation of the TCP clients and servers that handle the packet.
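
The check described above, sketched as an added example (this is not Juniper's implementation): it walks the option list of a raw TCP header and reports an MSS option (kind 2) in any segment without the SYN flag. The function names and sample segments are constructed for illustration, and a SYN-ACK is treated as a SYN packet because its SYN bit is set.

```python
import struct

TCP_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2

def tcp_options(segment: bytes):
    """Yield (kind, data) for each option in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4          # data offset field, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                      # end of option list
            return
        if kind == OPT_NOP:                      # single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        yield kind, opts[i + 2:i + opts[i + 1]]
        i += opts[i + 1]

def nonsyn_mss(segment: bytes) -> bool:
    """True when an MSS option appears in a segment without the SYN flag."""
    flags = segment[13] if len(segment) > 13 else 0
    if flags & TCP_SYN:
        return False                             # MSS is expected here
    return any(kind == OPT_MSS for kind, _ in tcp_options(segment))

def build_segment(flags: int, options: bytes) -> bytes:
    """Constructed sample header: fixed ports/seq, options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

MSS_1460 = bytes([OPT_MSS, 4]) + struct.pack("!H", 1460)
SYN = build_segment(0x02, MSS_1460)              # normal handshake segment
SYN_ACK = build_segment(0x12, MSS_1460)          # SYN bit set, MSS allowed
ACK_WITH_MSS = build_segment(0x10, MSS_1460)     # the anomaly
ACK_PLAIN = build_segment(0x10, b"\x01\x01\x08\x0a" + bytes(8))  # NOP NOP timestamp

if __name__ == "__main__":
    for name in ("SYN", "SYN_ACK", "ACK_WITH_MSS", "ACK_PLAIN"):
        print(name, nonsyn_mss(globals()[name]))
```

A malformed option length raises `ValueError` rather than being skipped, so a caller can log it as a separate option error instead of silently missing an MSS option hidden behind it.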