SYN RST is an invalid TCP flag combination

Cable Internet Connection/ cable modem/ Corega router
OS Windows XP SP2
COMODO 2.4.18.84

Since I changed to a router a few days ago, I have noticed that I get this notification pretty often.

Severity high
Reporter : Network monitor
Blocked by protocol analysis (Invalid flag combination)
Direction:TCP incoming
SYN RST is an invalid TCP flag combination

It does not affect my ability to connect so I don’t rank it as a problem.
I was just wondering what it means, as I am not familiar with such terms yet
(but I’m in learning mode!) and if I need to make any adjustments to the firewall.
If any more info is needed please ask.
Thanks in advance

This is coming because of Comodo’s Stateful Packet Inspection (SPI) engine, as part of Protocol Analysis (Security/Advanced/Advanced Attack Detection & Prevention/Miscellaneous).

There is a thread dealing with ACK FIN RST (another Invalid Flag Combination) here:
https://forums.comodo.com/help/invalid_tcp_flag_rule_before_network_rules_in_processing_order-t2684.0.html

There may be some good info there. You can also look up these flag combos on Wikipedia or such to find out more (be aware, it may cause your brain to explode… :wink: ).

It may be due in part to your router, or something more nefarious. Sorry I can’t give you much help on it; I’m not that deep into networking and IP traffic. There are some here who are; hopefully one of them will drop in and provide some more info and help.

The two positives I see in it are:

  1. It’s being blocked (in case it’s a bad thing)
  2. Your connectivity isn’t being interrupted by it

LM
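
Added example, not part of the original thread and not Comodo's code: a small flag check of the kind a protocol-analysis engine performs, showing why SYN RST is rejected (SYN asks to open a connection, RST aborts one, so a segment carrying both contradicts itself). The rule list, the function names and the sample headers are assumptions constructed for illustration.

```python
import struct

# TCP flag bits, stored in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Assumed rule set (not Comodo's actual list): flag pairs that contradict each other.
CONTRADICTORY = [("SYN", "RST"), ("SYN", "FIN"), ("FIN", "RST")]


def tcp_flags(segment: bytes) -> set:
    """Return the names of the flags set in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    bits = segment[13]
    return {name for name, bit in FLAGS.items() if bits & bit}


def check_flags(segment: bytes) -> list:
    """Return the reasons a flag combination is invalid (empty list if it looks sane)."""
    flags = tcp_flags(segment)
    reasons = []
    if not flags:
        # Assumption: a segment with no flags at all is also treated as invalid.
        reasons.append("no flags set")
    for a, b in CONTRADICTORY:
        if a in flags and b in flags:
            reasons.append(f"{a} {b} is an invalid TCP flag combination")
    return reasons


def build_header(flag_names, sport=40000, dport=80) -> bytes:
    """Build a minimal 20-byte TCP header (constructed sample data, not captured traffic)."""
    bits = 0
    for name in flag_names:
        bits |= FLAGS[name]
    offset_flags = (5 << 12) | bits  # data offset of 5 words, then the flag bits
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0, offset_flags, 65535, 0, 0)


if __name__ == "__main__":
    for combo in (["SYN"], ["SYN", "ACK"], ["SYN", "RST"], ["ACK", "FIN", "RST"]):
        result = check_flags(build_header(combo)) or ["ok"]
        print(" ".join(combo), "->", "; ".join(result))
```
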