TCP ACK-PSH-RST-SYN-FIN flood
Five-flag combo preset (APRSF): ACK, PSH, RST, SYN and FIN set together in one segment, a near-“everything set” combination for parser and IPS regression testing.
How it works
- Engarde preset: ACK-PSH-RST-SYN-FIN Flood — flag APRSF, invalid_flag true.
- Represents worst-case flag surface in a single segment class.
- Use after baseline single-flag tests to find IPS rule gaps.
Packet flow (illustrative)
[Diagram: Engarde node → Target. Labels: "TCP flags: F+P+U (Xmas)"; "ALL flags set (non-RFC)"; "Parser / IPS path stress". Illustrative flow, not a live capture.]
Flags: A+P+R+S+F
Engarde: APRSF preset
Use case: IPS regression
What to watch in Engarde
- Alert vs. drop behavior on each protection tier.
- Compare with UAPRSF (adds URG) for incremental diff.
Running this simulation
Run the APRSF preset as a short, lab-only test; document which device drops or alerts first.
Mitigation perspective
Configure an explicit deny for multi-flag anomalies; never assume such segments “will never happen in prod”.
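An added example, not Engarde code or output: a Python check that compares a hypothetical exact-signature rule set with a pair-based explicit-deny set on constructed TCP headers. The rule sets, port numbers and helper names are assumptions for illustration; the point is that APRSF can pass rules that catch UAPRSF.

```python
import struct

# Classic TCP flag bits (byte 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL6 = 0x3F
NAMES = [(URG, "U"), (ACK, "A"), (PSH, "P"), (RST, "R"), (SYN, "S"), (FIN, "F")]

# Rule = (label, mask, value); a segment matches when flags & mask == value.
# Hypothetical signature-style set: exact matches on well-known patterns only.
EXACT_RULES = [
    ("Xmas F+P+U", ALL6, FIN | PSH | URG),
    ("all six flags", ALL6, ALL6),
    ("NULL", ALL6, 0),
]
# Hypothetical explicit-deny set: also drop any segment holding a contradictory pair.
PAIR_RULES = EXACT_RULES + [
    ("SYN+FIN", SYN | FIN, SYN | FIN),
    ("SYN+RST", SYN | RST, SYN | RST),
    ("FIN+RST", FIN | RST, FIN | RST),
]

def make_header(flags: int) -> bytes:
    """Constructed 20-byte TCP header for offline checks; nothing is sent."""
    # sport, dport, seq, ack, data offset, flags, window, checksum, urgent pointer
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)

def flag_string(flags: int) -> str:
    return "".join(ch for bit, ch in NAMES if flags & bit) or "-"

def verdict(header: bytes, rules):
    """Return (flag string, 'drop' or 'pass', labels of matching rules)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    flags = header[13] & ALL6
    hits = [label for label, mask, value in rules if flags & mask == value]
    return flag_string(flags), "drop" if hits else "pass", hits

if __name__ == "__main__":
    # Constructed samples: APRSF, UAPRSF, then ordinary SYN, SYN-ACK and data.
    samples = [ACK | PSH | RST | SYN | FIN, ALL6, SYN, SYN | ACK, ACK | PSH]
    for f in samples:
        hdr = make_header(f)
        print(verdict(hdr, EXACT_RULES), verdict(hdr, PAIR_RULES))
```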