limiting embryonic connections outbound issue.

hugodrax
Level 1

nat 1 0.0.0.0 0.0.0.0 0 10

does not limit inbound users from having more than 10 SA's, i.e. an infected host could still generate hundreds of SYNs to non-existent hosts outbound.

i.e. a bad host would generate 1 initial SYN session request to 100 different non-existent IP addresses.

Will the next version address this issue? Is it also possible to add an auto-shun capability if an internal host violates the outbound embryonic limit rule? Adding this feature to internal hosts violating connection limits would also be nice :)
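As an added example (not from this thread or from Cisco documentation), assuming a later PIX/ASA release that has the Modular Policy Framework, this is how a per-host embryonic limit would be applied to inside hosts, which is the per-client behaviour the aggregate limit on the nat command above does not give; the access-list, class-map and policy-map names and the 192.168.1.0/24 inside subnet are chosen for the example.

```cisco
! Added example; assumes a PIX/ASA release with Modular Policy Framework.
! Names (INSIDE_HOSTS, INSIDE_CONN_LIMITS, INSIDE_POLICY) and the inside
! subnet are example values, not from the original post.
!
! Select TCP traffic from inside hosts to any destination.
access-list INSIDE_HOSTS extended permit tcp 192.168.1.0 255.255.255.0 any
!
class-map INSIDE_CONN_LIMITS
 match access-list INSIDE_HOSTS
!
! Aggregate limits for the whole class (comparable to the max_conns and
! emb_limit fields of the nat command), plus per-source-host limits: an
! inside host holding more than 10 half-open connections, or more than 100
! connections in total, has further new connections dropped, while other
! inside hosts are not affected by its behaviour.
policy-map INSIDE_POLICY
 class INSIDE_CONN_LIMITS
  set connection conn-max 2000 embryonic-conn-max 500
  set connection per-client-embryonic-max 10 per-client-max 100
!
! Apply the policy to traffic entering the inside interface.
service-policy INSIDE_POLICY interface inside
```

Drops caused by the per-client limits can be seen in the counters from `show service-policy interface inside`. This bounds how much connection state one infected host can consume; the reply in this thread reports 99% CPU regardless of how the packets were blocked, so a connection limit is not a defence against raw packet rate.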


a.alekseev
Level 7

I've tried a SYN-flood attack. The attacker sent 30000 pps.

PIX CPU utilisation 99%.

It doesn't matter whether you have blocked it with an access-list, shun, or no translation. PIX CPU utilisation 99%.