From Network Security Wiki
  • A Christmas tree packet is a packet with every single option set for whatever protocol is in use. When used as part of scanning a system, the TCP header of a Christmas tree packet has the flags SYN, FIN, URG and PSH set. Many operating systems implement their compliance with the Internet Protocol standard (RFC 791) in varying or incomplete ways. By observing how a host responds to an odd packet, such as a Christmas tree packet, assumptions can be made regarding the host's operating system. A large number of Christmas tree packets can also be used to conduct a DoS attack, because Christmas tree packets require much more processing by routers and end-hosts than the 'usual' packets do. Christmas tree packets are always suspicious and indicate a high probability of network reconnaissance activities.
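The following detection sketch is an added example, not part of the original wiki entry: it parses raw IPv4/TCP headers, flags packets carrying the SYN, FIN, URG and PSH combination described above, and counts them per source address. The function names, the sample traffic and the documentation-range addresses are constructed for illustration.

```python
import struct
from collections import Counter

# TCP flag bits (byte 13 of the TCP header)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS_MASK = SYN | FIN | URG | PSH  # the combination named in the text above

def parse_ipv4_tcp(packet: bytes):
    """Return (src_ip, flags) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6:        # protocol 6 = TCP
        return None
    tcp = packet[ihl:]
    if len(tcp) < 14:                     # need bytes up to the flags field
        return None
    src_ip = ".".join(str(b) for b in packet[12:16])
    return src_ip, tcp[13] & 0x3F

def is_xmas(flags: int) -> bool:
    return flags & XMAS_MASK == XMAS_MASK

def xmas_report(packets):
    """Count Christmas tree packets per source address."""
    hits = Counter()
    for raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed and is_xmas(parsed[1]):
            hits[parsed[0]] += 1
    return dict(hits)

def build_packet(src, dst_port, flags, proto=6):
    """Construct a minimal IPv4+TCP packet for the sample data (checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

# Constructed sample traffic (documentation address ranges)
SAMPLE = [
    build_packet("198.51.100.7", 22, SYN | FIN | URG | PSH),
    build_packet("198.51.100.7", 80, SYN | FIN | URG | PSH),
    build_packet("203.0.113.5", 443, SYN),               # normal connection attempt
    build_packet("203.0.113.5", 443, ACK | PSH),         # normal data segment
    build_packet("198.51.100.9", 53, XMAS_MASK, proto=17),  # not TCP, ignored
    b"\x45\x00",                                          # truncated, ignored
]
```

Calling `xmas_report(SAMPLE)` returns the per-source counts; a high count from one source is the pattern to alert on.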