Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications
Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications
2023-09-22 14:12:58 - last edited 2023-09-25 03:38:19
Model: OC200  
Hardware Version: V1
Firmware Version: OC200(UN)_v1_1.26.3_20230906

I continue to get Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications.  This has been going on for several firmware versions and does not seem to be abating.

 

Controller and Route/Gateway versions and firmware.  All of my hardware is listed in my signature block.

OC200 V1 - OC200(UN)_v1_1.26.3_20230906
TL-R605 v1.0 - ER605(UN)_v1_1.3.0 Build 20230511

 

These are the instances for today so far at 09:30:
2023-09-22 00:05:10     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP no-Flag attack and dropped 1 packets.
2023-09-22 00:21:21     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP SYN-and-FIN packets attack and dropped 1 packets.
2023-09-22 00:42:43     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP SYN-and-FIN packets attack and dropped 1 packets.
2023-09-22 01:22:54     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP SYN-and-FIN packets attack and dropped 1 packets.
2023-09-22 01:41:34     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP no-Flag attack and dropped 1 packets.
2023-09-22 06:47:32     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP no-Flag attack and dropped 1 packets.
2023-09-22 06:59:45     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP SYN-and-FIN packets attack and dropped 1 packets.
2023-09-22 07:27:39     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP SYN-and-FIN packets attack and dropped 1 packets.
2023-09-22 09:27:33     DEVICE     WARNING      [osg:1. Router/Gateway:xx-xx-xx-xx-xx-xx] detected TCP SYN-and-FIN packets attack and dropped 1 packets.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
  0      
  0      
#1
Options
1 Accepted Solution
Re:Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications-Solution
2023-09-25 11:40:30 - last edited 2023-09-25 17:40:13

  @Hank21 

 

Unfortunately, your 'solution' is no such thing.  It's simply a band-aid attempting to cover up the existing flaw in the firmware.  Turning off the protection against TCP No-Flag and TCP SYN-and-FIN Attacks because the warnings are annoying (which they certainly are) is dangerous and ill advised.  If any of those are real attacks, the router will no longer protect my devices and clients.

 

TLDR; The solution isn't to simply shut the protection off so we don't get the associated warnings. The solution is to fix the firmware.
 

Please fix the firmware.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
Recommended Solution
  3  
  3  
#3
Options
3 Reply
Re:Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications
2023-09-25 03:37:59 - last edited 2023-09-25 11:42:51

Hello @lflorack,

 

Please check the Solution post here for more details about this phenomenon.

If you want to learn more about the principles of these logs generation, you can take a look:

Understanding TCP/UDP and How Omada Firewall Protects Your Network from Attacks

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications-Solution
2023-09-25 11:40:30 - last edited 2023-09-25 17:40:13

  @Hank21 

 

Unfortunately, your 'solution' is no such thing.  It's simply a band-aid attempting to cover up the existing flaw in the firmware.  Turning off the protection against TCP No-Flag and TCP SYN-and-FIN Attacks because the warnings are annoying (which they certainly are) is dangerous and ill advised.  If any of those are real attacks, the router will no longer protect my devices and clients.

 

TLDR; The solution isn't to simply shut the protection off so we don't get the associated warnings. The solution is to fix the firmware.
 

Please fix the firmware.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
Recommended Solution
  3  
  3  
#3
Options
Re:Constant TCP No-Flag and TCP SYN-and-FIN Attack Notifications
2023-09-26 02:45:38

Hi @lflorack

 

Thanks for your valuable feedback!

It's planned to optimize the event notification of "TCP no-Flag attack" in future iterations of the ER605 v1.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options