297 Views | 4 Helpful | 2 Replies

Query on embryonic and max conn limit on the FWSM

pokwan
Level 1

Hi,

Can you please explain:

1. the difference in setting the embryonic and max conn limit on the static and the nat command?

2. If there is a sqlnet attack (as below), will setting the following command help?

nat (inside) 0 ... udp <max number>

sh conn

999849 in use, 999902 most used

Network Processor 1 connections

UDP out 33.209.87.100:1434 in 100.100.119.101:1244 idle 0:01:59 Bytes 36

FLAGS -

UDP out 25.192.199.249:1434 in 100.100.119.101:1244 idle 0:01:31 Bytes 36

FLAGS -

UDP out 219.252.255.232:1434 in 100.100.119.101:1244 idle 0:00:03 Bytes 36

FLAGS -

TIA

PF
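The `sh conn` excerpt in the question shows the pattern a firewall admin wants to spot quickly: one inside host (100.100.119.101) holding UDP connections to port 1434 on many unrelated outside addresses while the table sits near one million entries. The following Python script is an added example, not part of the original post or any Cisco tool. It parses `show conn` output in the format shown above, reads the "in use / most used" header, groups connections by inside host, protocol and outside port, and flags any inside host fanning out to more distinct destinations than a threshold. The sample text mixes the three lines from the post with constructed entries (RFC 5737 addresses) so it runs offline.

```python
import re
from collections import defaultdict

# One FWSM "show conn" entry in the layout quoted in the post:
#   UDP out 33.209.87.100:1434 in 100.100.119.101:1244 idle 0:01:59 Bytes 36
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)"
    r"\s+idle\s+(?P<idle>\d+:\d{2}:\d{2})\s+Bytes\s+(?P<bytes>\d+)"
)
# Table-usage header: "999849 in use, 999902 most used"
USAGE_RE = re.compile(r"^(?P<in_use>\d+) in use, (?P<most_used>\d+) most used")


def conn_table_usage(text):
    """Return (in_use, most_used) from the header line, or None if absent."""
    for raw in text.splitlines():
        m = USAGE_RE.match(raw.strip())
        if m:
            return int(m["in_use"]), int(m["most_used"])
    return None


def parse_conn_lines(text):
    """Return one dict per connection entry; headers, blanks and FLAGS lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = CONN_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, or the "FLAGS -" line under each entry
        e = m.groupdict()
        for key in ("out_port", "in_port", "bytes"):
            e[key] = int(e[key])
        entries.append(e)
    return entries


def fanout_by_inside_host(entries):
    """Map (inside_ip, proto, outside_port) -> set of distinct outside IPs."""
    fan = defaultdict(set)
    for e in entries:
        fan[(e["in_ip"], e["proto"], e["out_port"])].add(e["out_ip"])
    return fan


def flag_scanners(entries, threshold):
    """Return (inside_ip, proto, outside_port, distinct_dsts) tuples at or over threshold,
    largest fan-out first. A single inside host reaching many outside hosts on one
    service port is the signature in the post's output."""
    fan = fanout_by_inside_host(entries)
    hits = [(ip, proto, port, len(dsts))
            for (ip, proto, port), dsts in fan.items() if len(dsts) >= threshold]
    return sorted(hits, key=lambda h: -h[3])


# Constructed sample: the first three UDP entries are the ones quoted in the question,
# the remaining entries are made up to show normal traffic that must not be flagged.
SAMPLE = """\
999849 in use, 999902 most used
Network Processor 1 connections
UDP out 33.209.87.100:1434 in 100.100.119.101:1244 idle 0:01:59 Bytes 36
FLAGS -
UDP out 25.192.199.249:1434 in 100.100.119.101:1244 idle 0:01:31 Bytes 36
FLAGS -
UDP out 219.252.255.232:1434 in 100.100.119.101:1244 idle 0:00:03 Bytes 36
FLAGS -
UDP out 198.51.100.7:1434 in 100.100.119.101:1244 idle 0:00:02 Bytes 36
FLAGS -
UDP out 192.0.2.53:53 in 100.100.119.22:40111 idle 0:00:10 Bytes 120
FLAGS -
TCP out 203.0.113.10:443 in 100.100.119.22:51000 idle 0:00:05 Bytes 8123
FLAGS UIO
"""

if __name__ == "__main__":
    print("table usage (in use, most used):", conn_table_usage(SAMPLE))
    for ip, proto, port, n in flag_scanners(parse_conn_lines(SAMPLE), threshold=3):
        print(f"{ip} -> {n} outside hosts on {proto}/{port}")
```

Run against a saved `show conn` capture the output points at the inside host whose per-host UDP budget is being consumed, which is the information needed before deciding whether a per-translation connection limit on the nat command is the right control or whether the host itself needs cleaning.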

2 Replies

s.jankowski
Level 4

Embryonic connection limit lets you prevent a type of attack where processes are started without being completed. When the embryonic limit is surpassed, the TCP intercept feature intercepts TCP synchronization (SYN) packets from clients to servers on a higher security level. The software establishes a connection with the client on behalf of the destination server, and if successful, establishes the connection with the server on behalf of the client and combines the two half-connections together transparently. Thus, connection attempts from unreachable hosts never reach the server. The PIX firewall accomplishes TCP intercept functionality using SYN cookies.

syntax:

    static [(local_ifc,global_ifc)] {global_ip | interface} {local_ip [netmask mask] | access-list acl_name}
           [dns] [norandomseq] [max_conns [emb_limit]]

Thanks s.
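To make the reply's description concrete, here is a simplified model in Python of what an emb_limit does alongside max_conns. It is an added example, not Cisco FWSM or PIX code: the limiter forwards SYNs to the protected server while the half-open count stays under emb_limit, and once the limit is reached it switches to an intercept path that answers with a SYN cookie (an HMAC over the client/server pair and a time slice) and keeps no per-connection state until the client returns a valid ACK. Unreachable or spoofed clients therefore never consume a server-side half-open slot. The secret, the time-slice width and the addresses are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo secret; a real device would use random, rotated key material.
COOKIE_SECRET = b"constructed-demo-secret"
COOKIE_WINDOW = 60  # seconds per time slice; the previous slice is also accepted


def syn_cookie(client, server, time_slice):
    """Stateless 4-byte token bound to (client, server) and a time slice.
    client and server are (ip, port) tuples."""
    msg = f"{client[0]}:{client[1]}>{server[0]}:{server[1]}|{time_slice}".encode()
    return hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()[:4]


class EmbryonicLimiter:
    """Toy model of a per-server embryonic (half-open) limit with TCP-intercept fallback."""

    def __init__(self, emb_limit, max_conns):
        self.emb_limit = emb_limit
        self.max_conns = max_conns
        self.half_open = {}      # (client, server) -> time the SYN was forwarded
        self.established = set()

    def on_syn(self, client, server, now):
        """Handle a client SYN. Returns ('forward', None), ('intercept', cookie) or ('drop', reason)."""
        if len(self.established) >= self.max_conns:
            return ("drop", "max_conns reached")
        if len(self.half_open) >= self.emb_limit:
            # Over the embryonic limit: reply SYN-ACK on the server's behalf with a
            # cookie and hold no state until the client proves it can complete the handshake.
            return ("intercept", syn_cookie(client, server, now // COOKIE_WINDOW))
        self.half_open[(client, server)] = now   # normal path: SYN goes to the server
        return ("forward", None)

    def on_ack(self, client, server, cookie, now):
        """Handle the client's final ACK. Returns 'established' or 'rejected'."""
        key = (client, server)
        if key in self.half_open:
            del self.half_open[key]
            self.established.add(key)
            return "established"
        # Intercepted path: the ACK must carry a cookie for the current or previous slice.
        if cookie is not None:
            slice_now = now // COOKIE_WINDOW
            for ts in (slice_now, slice_now - 1):
                if hmac.compare_digest(cookie, syn_cookie(client, server, ts)):
                    # Client is real: the firewall now opens the server side on its behalf
                    # and splices the two half-connections together.
                    self.established.add(key)
                    return "established"
        return "rejected"

    def expire_half_open(self, now, timeout):
        """Drop half-open entries idle longer than timeout; returns the number removed."""
        stale = [k for k, t in self.half_open.items() if now - t > timeout]
        for k in stale:
            del self.half_open[k]
        return len(stale)


if __name__ == "__main__":
    fw = EmbryonicLimiter(emb_limit=3, max_conns=10)
    server = ("10.0.0.5", 80)
    # Three SYNs from hosts that never finish the handshake use up the embryonic budget.
    for i in range(3):
        print(fw.on_syn((f"203.0.113.{i}", 40000 + i), server, now=100))
    # The fourth SYN is intercepted instead of adding a fourth half-open entry.
    action, cookie = fw.on_syn(("198.51.100.9", 50000), server, now=101)
    print(action, cookie.hex(), "half-open:", len(fw.half_open))
    print(fw.on_ack(("198.51.100.9", 50000), server, cookie, now=102))
```

The point the model makes is the asymmetry the reply describes: below the limit every SYN costs the server a half-open entry; above it, an attacker sending SYNs from unreachable addresses gets cookies that nobody answers and the server sees nothing. max_conns, by contrast, caps completed connections regardless of how they were set up.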

PF