In order to circumvent network protection tools, cybercriminals may forge a TCP session more efficiently by submitting a bogus SYN Packet, a series of ACK packets, and at least one RST (reset) or FIN (connection termination) packet. This tactic allows crooks to get around defenses that only keep tabs on incoming traffic rather than analyzing return traffic.

Read more at Woods LLP