ALL TCP Flags flood
Engarde “ALL TCP Flags Flood” preset: the FPU (FIN+PSH+URG) flag combination with invalid_flag left false. It stresses parsers that must evaluate every flag bit on each segment.
How it works
- Platform preset: attack_flag FPU, invalid_flag false.
- Differs from Xmas Flood, which also uses FPU but sets invalid_flag true.
- Useful baseline for “maximum flag surface” per packet before adding header corruption.
Packet flow (illustrative)
Engarde node → Target
- TCP flags: F+P+U (Xmas)
- ALL flags set (non-RFC)
- Parser / IPS path stress
Illustrative flow — not a live capture.
Engarde ALL TCP Flags Flood
- Flags: FPU
- invalid_flag: false
What to watch in Engarde
- Per-packet CPU on software firewalls.
- Difference vs. Xmas (invalid) run on same target.
Running this simulation
Select ALL TCP Flags Flood; compare Attack Monitor PPS with single-flag SYN baseline.
Mitigation perspective
Rate-limit rare flag combinations; combine with invalid_flag tests for full coverage.
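One way to express "rate-limit rare flag combinations" on the defending side, as an added example that is not Engarde code: a per-source token bucket that only meters segments with FIN+PSH+URG all set. The class and function names, the rate and burst values, and the sample header are assumptions constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FPU = FIN | PSH | URG  # the combination named in the preset above


def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header (byte 13)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F


def make_segment(flags: int) -> bytes:
    """Constructed 20-byte TCP header used as sample input; never sent."""
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 1024, 0, 0)


class FlagComboLimiter:
    """Per-source token bucket applied only to segments with FIN+PSH+URG set."""

    def __init__(self, rate: float = 5.0, burst: int = 10):
        self.rate, self.burst = rate, float(burst)  # assumed policy values
        self.buckets = {}  # src -> (tokens, time of last metered segment)

    def allow(self, src: str, segment: bytes, now: float) -> bool:
        if (tcp_flags(segment) & FPU) != FPU:
            return True  # ordinary flag combinations are not metered here
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[src] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


def replay(limiter, src, flags, count, now):
    """Feed `count` identical segments at time `now`; return how many pass."""
    seg = make_segment(flags)
    return sum(limiter.allow(src, seg, now) for _ in range(count))


if __name__ == "__main__":
    lim = FlagComboLimiter()
    src = "198.51.100.7"  # constructed source address (documentation range)
    print("FPU burst passed:", replay(lim, src, FPU, 50, 0.0))
    print("ACK burst passed:", replay(lim, src, ACK, 50, 0.0))
    print("FPU after 1 s:   ", replay(lim, src, FPU, 10, 1.0))
```

A long-running deployment would also need to expire idle entries from `buckets` so the table cannot grow without bound under spoofed sources.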