TCP URG-ACK-PSH-RST-SYN-FIN flood
Six-flag UAPRSF preset — the largest standard combo in Engarde library. Ultimate parser stress test for lab firewalls.
How it works
- Preset: URG-ACK-PSH-RST-SYN-FIN Flood — flag UAPRSF, invalid_flag true.
- Superset of APRSF; adds URG urgent-pointer handling.
- Run only in controlled lab with operator oversight.
Packet flow (illustrative)
Engarde node Target
→TCP flags: F+P+UXmas
→ALL flags setnon-RFC
Parser / IPS path stress
Illustrative flow — not a live capture.
Flags U+A+P+R+S+F
Engarde UAPRSF preset
Risk Lab only
What to watch in Engarde
- Device crash or watchdog restart (rare but reported on legacy gear).
- Difference vs. APRSF-only run in same report window.
Running this simulation
Schedule UAPRSF with Engarde operator; 30–60s max on isolated lab target.
Mitigation perspective
If UAPRSF is forwarded, review entire TCP normalize policy — something is misconfigured.