Cisco Support Community
Community Member

a few questions about why you would do something

I was sitting here just reading some stuff about CBAC; this is what it said.

The following example causes the software to start deleting half-open sessions when more than 1000 session establishment attempts have been detected in the last minute, and to stop deleting half-open sessions when fewer than 950 session establishment attempts have been detected in the last minute:

ip inspect one-minute high 1000

ip inspect one-minute low 950

My question is: what is a half-open session? Also, does ip inspect name mynamedlist fragment specify packet fragmentation due to MTU, or is that for something else?

Thanks for clearing up my questions!
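The two quoted commands set a high and a low watermark on the same counter, which is the point worth seeing in motion. Below is an added Python model of that hysteresis, written for this thread rather than taken from the original post or from IOS; it assumes a sliding one-minute window of session-attempt timestamps (the page does not say how IOS samples the rate), and the SYN-burst timeline is constructed.

```python
from collections import deque

# Thresholds from the quoted CBAC example (constructed model, not IOS code)
ONE_MINUTE_HIGH = 1000   # ip inspect one-minute high 1000
ONE_MINUTE_LOW = 950     # ip inspect one-minute low 950
WINDOW_MS = 60_000       # "in the last minute"; timestamps are integer milliseconds


class OneMinuteRateMonitor:
    """Hysteresis between the high and low one-minute thresholds.

    Aggressive mode (deleting half-open sessions) starts when the number of
    new session attempts in the last minute exceeds `high` and stops only
    when it falls below `low`. A single threshold would flap on every
    attempt around the limit; the gap between high and low prevents that.
    The sliding-window count is this model's assumption.
    """

    def __init__(self, high=ONE_MINUTE_HIGH, low=ONE_MINUTE_LOW, window_ms=WINDOW_MS):
        if low > high:
            raise ValueError("low threshold must not exceed high threshold")
        self.high, self.low, self.window_ms = high, low, window_ms
        self.attempts = deque()    # timestamps (ms) of session attempts, oldest first
        self.half_open = deque()   # ids of sessions that have not completed yet
        self.aggressive = False
        self.deleted = 0

    def _prune(self, now_ms):
        while self.attempts and now_ms - self.attempts[0] >= self.window_ms:
            self.attempts.popleft()

    def rate(self, now_ms):
        """Session attempts seen in the last minute."""
        self._prune(now_ms)
        return len(self.attempts)

    def new_attempt(self, now_ms, session_id):
        """Record a new session attempt and apply the thresholds."""
        self._prune(now_ms)
        self.attempts.append(now_ms)
        count = len(self.attempts)
        if not self.aggressive and count > self.high:
            self.aggressive = True
        elif self.aggressive and count < self.low:
            self.aggressive = False
        if self.aggressive and self.half_open:
            # make room for the new request by deleting the oldest half-open session
            self.half_open.popleft()
            self.deleted += 1
        self.half_open.append(session_id)
        return self.aggressive

    def complete(self, session_id):
        """A session reached the established state (TCP) or saw return traffic (UDP)."""
        try:
            self.half_open.remove(session_id)
        except ValueError:
            pass


def simulate(attempt_times_ms, monitor=None):
    """Feed attempt timestamps through the monitor; return (monitor, transition log)."""
    monitor = monitor or OneMinuteRateMonitor()
    log = []
    for i, t in enumerate(attempt_times_ms):
        before = monitor.aggressive
        monitor.new_attempt(t, session_id=i)
        if monitor.aggressive != before:
            action = "start deleting" if monitor.aggressive else "stop deleting"
            log.append((t, monitor.rate(t), action))
    return monitor, log


def sample_burst():
    """Constructed scenario: 1100 attempts 20 ms apart (a SYN flood), then one at 75 s."""
    times = [i * 20 for i in range(1100)] + [75_000]
    return simulate(times)


if __name__ == "__main__":
    mon, log = sample_burst()
    for t, rate, action in log:
        print(f"t={t / 1000:6.2f}s rate={rate:4d}/min -> {action}")
    print(f"half-open sessions deleted: {mon.deleted}")
```

Running it shows deletion starting on the 1001st attempt (rate 1001/min) and stopping only once the window has drained to 350/min, not at 999; the 100 sessions deleted in between are the oldest half-open ones, which is where a SYN flood's never-completed handshakes sit.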

2 REPLIES
Cisco Employee

Re: a few questions about why you would do something

Hi

Half-open session: a session which is not complete. For TCP this means that it has not reached the established state. For UDP, this means that the firewall has detected traffic in one direction only (for a period of time).

The ip inspect for fragment is there to drop any fragments which the firewall has seen before it saw the initial fragment of that packet.

Fragmentation can occur because of having to pass through different networks with different MTUs, or when there is a frag attack.


The inspect is used for preventing frag attacks, i.e. when you are sure that your regular (fragmented) traffic does not come out of order.

Thanks

Nisha
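To make the reply's rule concrete, here is an added Python model of the fragment check, written for this thread and not code from IOS or from the poster. It keys fragments on (source, destination, protocol, IP ID), passes an initial fragment (offset 0) and records it, passes a later fragment only while that record exists, and drops anything else. The max/timeout knobs follow the IOS command form `ip inspect name NAME fragment max 256 timeout 1`; how the model behaves when the table is full (the initial fragment still passes but gets no state) and the fact that the timer is not refreshed by later fragments are this example's assumptions, and the fragment trace is constructed.

```python
from collections import namedtuple, OrderedDict

# Defaults of `ip inspect name NAME fragment max 256 timeout 1`; the matching
# logic below is this example's model of the behaviour described in the reply
FRAG_MAX = 256
FRAG_TIMEOUT_S = 1.0

# Constructed fragment record: the fields needed to tie fragments to one datagram
Fragment = namedtuple("Fragment", "src dst proto ip_id offset more_fragments")


class FragmentInspector:
    def __init__(self, max_datagrams=FRAG_MAX, timeout_s=FRAG_TIMEOUT_S):
        self.max_datagrams = max_datagrams
        self.timeout_s = timeout_s
        self.state = OrderedDict()   # datagram key -> expiry time, oldest first

    @staticmethod
    def _key(f):
        return (f.src, f.dst, f.proto, f.ip_id)

    def _expire(self, now):
        # drop state whose timeout has passed, freeing the slot for another datagram
        for key in [k for k, exp in self.state.items() if exp <= now]:
            del self.state[key]

    def inspect(self, f, now):
        """Return 'pass' or 'drop' for one fragment arriving at time `now` (seconds)."""
        self._expire(now)
        key = self._key(f)
        if f.offset == 0:
            # initial fragment: it carries the transport header the inspector can
            # check, so it passes; state is kept for it only while a slot is free
            # (table-full handling is this model's assumption)
            if key not in self.state and len(self.state) < self.max_datagrams:
                self.state[key] = now + self.timeout_s
            return "pass"
        # non-initial fragment: pass only if its initial fragment was seen
        # and its state has not timed out; out-of-order tails are dropped
        return "pass" if key in self.state else "drop"


def run_sample(max_datagrams=FRAG_MAX):
    """Constructed trace covering in-order, out-of-order and stale fragments."""
    A = dict(src="10.0.0.5", dst="192.0.2.10", proto=17, ip_id=0x1234)
    B = dict(src="10.0.0.5", dst="192.0.2.10", proto=17, ip_id=0x1235)
    trace = [
        (0.00, Fragment(**A, offset=0, more_fragments=True)),      # A initial
        (0.20, Fragment(**A, offset=185, more_fragments=False)),   # A tail, in order
        (0.30, Fragment(**B, offset=185, more_fragments=False)),   # B tail before its head
        (0.40, Fragment(**B, offset=0, more_fragments=True)),      # B initial arrives late
        (0.50, Fragment(**B, offset=185, more_fragments=False)),   # B tail retransmitted
        (1.50, Fragment(**A, offset=370, more_fragments=False)),   # A fragment after timeout
    ]
    insp = FragmentInspector(max_datagrams=max_datagrams)
    return [insp.inspect(f, t) for t, f in trace]


if __name__ == "__main__":
    for label, verdicts in (("max 256", run_sample()), ("max 1", run_sample(1))):
        print(label, verdicts)
```

With the default table size the third and last fragments are dropped: one because its initial fragment had not arrived yet (the case the reply describes), one because the datagram's state expired. Shrinking max to 1 additionally drops datagram B's tail even after its head arrives, since A still holds the only slot; that is the trade-off the max value sets between memory for reassembly state and fragments that legitimately arrive out of order.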

Community Member

Re: a few questions about why you would do something

Again I thank you for your response. You've been a great help. All the little pieces are coming together now. One more quick question. Could you help put this in perspective for me? For example, if you have a 256 kb line that could vary in traffic saturation, what would you choose to pick for a fragment max? How often would they happen? And also, would there be a way to find out, somewhere on the router? Well, I'm all out of questions now... 2:13am... Again I thank you.

-Mike
