a few questions about why you would do something

m.matteson
Level 2

I was sitting here just reading about some stuff about CBAC this is what it said.

The following example causes the software to start deleting half-open sessions when more than 1000 session establishment attempts have been detected in the last minute, and to stop deleting half-open sessions when fewer than 950 session establishment attempts have been detected in the last minute:

ip inspect one-minute high 1000

ip inspect one-minute low 950

My question is: what is a half-open session? Also, does "ip inspect name mynamedlist fragment" specify packet fragmentation due to MTU, or is that for something else?

Thanks for clearing up my questions!


nchandy
Cisco Employee

Hi

Half-open session: a session which is not complete. For TCP this means that it has not reached the established state. For UDP, this means that the firewall has detected traffic in one direction only (for a period of time).

The ip inspect for fragment is to drop any fragments which the firewall has seen before it saw the initial fragment of that packet.

Fragmentation can occur because of having to pass through different networks with different MTUs, or when there is a frag attack.


The inspect is used for preventing frag attacks, i.e. when you are sure that your regular (fragmented) traffic does not arrive out of order.

Thanks

Nisha
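To make the two half-open definitions and the one-minute high/low thresholds from the question concrete, here is an added Python model (not Cisco code, and not from either poster) of how a firewall could track half-open TCP and UDP sessions and toggle aggressive deletion with the 1000/950 hysteresis; the packet representation, class and method names are my own assumptions.

```python
from collections import deque


class HalfOpenMonitor:
    """Models CBAC-style half-open tracking: counts session establishment
    attempts in a sliding one-minute window and switches aggressive mode on
    when the count exceeds `high` and off again when it drops below `low`
    (the 'ip inspect one-minute high 1000' / 'low 950' behaviour)."""

    def __init__(self, high=1000, low=950, window=60):
        self.high, self.low, self.window = high, low, window
        self.attempts = deque()   # timestamps of establishment attempts
        self.half_open = {}       # (proto, src, dst) -> state while not complete
        self.aggressive = False   # True while half-open sessions are being deleted

    def _prune(self, now):
        # Drop attempts older than the one-minute window.
        while self.attempts and now - self.attempts[0] > self.window:
            self.attempts.popleft()

    def rate(self, now):
        """Establishment attempts seen in the last `window` seconds."""
        self._prune(now)
        return len(self.attempts)

    def observe(self, now, proto, src, dst, flags=None):
        """Feed one (constructed) packet; returns the current aggressive flag."""
        key = (proto, src, dst)
        if proto == "tcp":
            if flags == "SYN":
                # New TCP attempt: half-open until the handshake completes.
                self.half_open[key] = "syn"
                self.attempts.append(now)
            elif flags == "ACK" and key in self.half_open:
                # Handshake completed: the session reached the established state.
                del self.half_open[key]
        elif proto == "udp":
            reverse = (proto, dst, src)
            if reverse in self.half_open:
                # Traffic now seen in both directions: no longer half-open.
                del self.half_open[reverse]
            elif key not in self.half_open:
                # First packet of a UDP flow: one-way so far, counts as an attempt.
                self.half_open[key] = "one-way"
                self.attempts.append(now)
        r = self.rate(now)
        if not self.aggressive and r > self.high:
            self.aggressive = True
        elif self.aggressive and r < self.low:
            self.aggressive = False
        return self.aggressive
```

Because the high and low values differ, the monitor does not flap on and off when the rate hovers around 1000, which is the point of configuring both.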

Again, I thank you for your response. You've been a great help; all the little pieces are coming together now. One more quick question. Could you help put this in perspective for me? For example, if you have a 256kb line that could vary in traffic saturation, what would you choose to pick for a fragment max? How often would they happen? And also, would there be a way to find out, somewhere on the router? Well, I'm all out of questions now... 2:13am... Again, I thank you.

-Mike
