IP encapsulates a TCP SYN segment in the IP packet that initiates
a TCP connection. The purpose is to initiate a connection and to
invoke a SYN/ACK segment response. The SYN segment typically does
not contain any data since the IP packet is small and there is
no legitimate reason for it to be fragmented. A fragmented SYN
packet is anomalous and is suspectful. To be cautious, it might
be helpful to block such these fragments from entering the
protected network.
When the syn fragmentation check is enable, the security device
detects and drops the packets when the IP header indicates that
the packet has been fragmented while the SYN flag is set in the
TCP header.
This attributes records the detection of the SYN fragments.