TCP FIN flood
FIN-flag floods attempt to exhaust connection teardown handling and confuse state machines on edge devices.
How it works
- FIN packets signal connection close.
- A high FIN rate can stress TIME-WAIT/CLOSE-WAIT handling.
- It may interact badly with keep-alive-heavy services.
Packet flow (illustrative)
Engarde node → Target: TCP [FIN|RST|PSH] flag flood (TCP flag segment × N); connection state churn ↑. Illustrative flow, not a live capture.
- Flag: FIN
- Engarde: TCP FIN
- Layer: L4
What to watch in Engarde
- Socket exhaustion on target OS.
- Unexpected connection resets for legitimate users.
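
One way to watch for teardown-state buildup on a Linux target during a run, as an added example that is not Engarde's own code: it parses `/proc/net/tcp` and tallies sockets per TCP state. The sample table, the `check` helper and its 0.5 alert threshold are constructed assumptions, and only IPv4 sockets are covered.

```python
"""Tally TCP socket states from Linux /proc/net/tcp to spot teardown-state buildup."""
import os
from collections import Counter

# Hex codes from the "st" column of /proc/net/tcp (Linux TCP state numbering).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}
TEARDOWN = {"FIN_WAIT1", "FIN_WAIT2", "TIME_WAIT", "CLOSE_WAIT", "LAST_ACK", "CLOSING"}

# Constructed sample table (not a real capture): 1 LISTEN, 2 ESTABLISHED,
# 3 TIME_WAIT, 2 CLOSE_WAIT, 1 FIN_WAIT2.
_ROWS = ["0A", "01", "01", "06", "06", "06", "08", "08", "05"]
SAMPLE = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n" + "\n".join(
    f"{i:4d}: 0100007F:1F90 0200007F:{0xC000 + i:04X} {st} 00000000:00000000 00:00000000 00000000 0 0 0"
    for i, st in enumerate(_ROWS))

def count_states(proc_net_tcp: str) -> Counter:
    """Return a Counter of state name -> socket count for one /proc/net/tcp dump."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated rows
        counts[TCP_STATES.get(fields[3].upper(), "UNKNOWN")] += 1
    return counts

def teardown_ratio(counts: Counter) -> float:
    """Share of non-listening sockets that sit in a connection-teardown state."""
    total = sum(n for state, n in counts.items() if state != "LISTEN")
    if total == 0:
        return 0.0
    return sum(counts[s] for s in TEARDOWN) / total

def check(proc_net_tcp: str, threshold: float = 0.5) -> dict:
    """Summarise one dump; threshold is an assumed value, tune it per service."""
    counts = count_states(proc_net_tcp)
    ratio = teardown_ratio(counts)
    return {"counts": dict(counts), "ratio": ratio, "alert": ratio >= threshold}

if __name__ == "__main__":
    path = "/proc/net/tcp"  # IPv4 only; /proc/net/tcp6 uses the same state column
    with_live = os.path.exists(path)
    print(check(open(path).read() if with_live else SAMPLE))
```

Sampling this at a fixed interval before and during the run gives a baseline to compare against, since busy services carry some TIME_WAIT sockets in normal operation.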
Running this simulation
Run the Engarde TCP attack with the FIN flag; a short duration is recommended for the first run.
Mitigation perspective
Connection limit tuning and FIN/RST rate policies on perimeter devices.