For example, you can drop malformed IP packets, TCP SYN and SYN-ACK
packets that contain data, fragmented ICMP packets, and so on. Each
packet type has a set of characteristics and options that you select
to control whether the firewall drops a packet. Best Practices for
Securing Your Network from Layer 4 and Layer 7 Evasions includes some
specific recommendations for configuring packet-based attack protection.
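
To make the three packet types named above concrete, the following added example (not the firewall's own logic or vendor code) classifies a raw IPv4 packet the way such drop options would. The names `drop_reason`, `ipv4` and `tcp` and the sample packets are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def drop_reason(pkt: bytes):
    """Return a drop reason for a raw IPv4 packet, or None if it passes."""
    if len(pkt) < 20:
        return "malformed-ip"
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    # Malformed IP: wrong version, or length fields that contradict the bytes received.
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(pkt):
        return "malformed-ip"
    # Fragmented if More Fragments (0x2000) is set or the 13-bit offset is non-zero.
    fragmented = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0
    if proto == 1 and fragmented:
        return "icmp-fragment"
    if proto == 6 and not fragmented:
        tcp_seg = pkt[ihl:total_len]
        if len(tcp_seg) < 20:
            return None  # truncated TCP is outside the three checks shown here
        data_off = (tcp_seg[12] >> 4) * 4
        has_data = 20 <= data_off < len(tcp_seg)
        if tcp_seg[13] & SYN and has_data:
            # Caveat: TCP Fast Open (RFC 7413) legitimately carries data on SYN.
            return "tcp-synack-with-data" if tcp_seg[13] & ACK else "tcp-syn-with-data"
    return None

# Constructed sample packets (documentation addresses, checksums left at zero).
def ipv4(proto, payload, flags_frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def tcp(flags, data=b""):
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0) + data

ICMP_ECHO = b"\x08\x00\x00\x00\x00\x01\x00\x01"  # constructed echo request header

if __name__ == "__main__":
    for name, pkt in [("plain SYN", ipv4(6, tcp(SYN))),
                      ("SYN with data", ipv4(6, tcp(SYN, b"x"))),
                      ("SYN-ACK with data", ipv4(6, tcp(SYN | ACK, b"x"))),
                      ("fragmented ICMP", ipv4(1, ICMP_ECHO, 0x2000)),
                      ("truncated IP", ipv4(6, tcp(SYN))[:30])]:
        print(f"{name:18} -> {drop_reason(pkt) or 'allow'}")
```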