New Member

Query on embryonic and max conn limit on the FWSM

Hi,

Can you please explain

1. the difference in setting the embryonic and max conn limit on the static and the nat command?

2. If there is a sqlnet attack (as below), will setting the following command help?

nat (inside) 0 ... udp <max number>

sh conn

999849 in use, 999902 most used

Network Processor 1 connections

UDP out 33.209.87.100:1434 in 100.100.119.101:1244 idle 0:01:59 Bytes 36

FLAGS -

UDP out 25.192.199.249:1434 in 100.100.119.101:1244 idle 0:01:31 Bytes 36

FLAGS -

UDP out 219.252.255.232:1434 in 100.100.119.101:1244 idle 0:00:03 Bytes 36

FLAGS -

TIA

PF
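Added example (not part of the original thread): a small Python parser for "sh conn" lines in the layout quoted above, grouping connections by inside host and counting distinct outside peers per protocol. That per-host fan-out is the view an operator needs before judging whether a per-host connection limit on static/nat would have contained a flood like the one shown. The sample lines are constructed from the post's output and the helper names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the FWSM/PIX "sh conn" layout quoted in the post,
# including the wrapped "FLAGS" continuation line and one TCP flow for contrast.
SAMPLE_CONN = """\
UDP out 33.209.87.100:1434 in 100.100.119.101:1244 idle 0:01:59 Bytes 36
FLAGS -
UDP out 25.192.199.249:1434 in 100.100.119.101:1244 idle 0:01:31 Bytes 36
FLAGS -
UDP out 219.252.255.232:1434 in 100.100.119.101:1244 idle 0:00:03 Bytes 36
FLAGS -
TCP out 198.51.100.7:443 in 100.100.119.50:51022 idle 0:00:10 Bytes 8012
FLAGS UIO
"""

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) idle (?P<idle>\S+) Bytes (?P<bytes>\d+)"
    r"(?: FLAGS (?P<flags>\S+))?"
)


def parse_conn_table(text):
    """Return one dict per connection; re-joins a FLAGS field wrapped onto its own line."""
    joined = re.sub(r"\s*\n\s*FLAGS ", " FLAGS ", text)
    conns = []
    for line in joined.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for key in ("out_port", "in_port", "bytes"):
                rec[key] = int(rec[key])
            conns.append(rec)
    return conns


def fanout_by_inside_host(conns, proto="UDP"):
    """Map inside host -> (number of distinct outside hosts, Counter of outside ports)."""
    peers = defaultdict(set)
    ports = defaultdict(Counter)
    for c in conns:
        if c["proto"] == proto:
            peers[c["in_ip"]].add(c["out_ip"])
            ports[c["in_ip"]][c["out_port"]] += 1
    return {host: (len(peers[host]), ports[host]) for host in peers}


def hosts_over_limit(conns, max_peers, proto="UDP"):
    """Inside hosts whose distinct-peer count for `proto` exceeds max_peers,
    the hosts a per-host connection limit would act on first."""
    fanout = fanout_by_inside_host(conns, proto)
    return sorted(host for host, (n, _) in fanout.items() if n > max_peers)
```

Run it against a full "sh conn" capture and look at the port Counter: one inside host with many peers all on a single destination port is the pattern the post's output shows.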

2 REPLIES
Bronze

Re: Query on embryonic and max conn limit on the FWSM

Embryonic connection limit lets you prevent a type of attack where processes are started without being completed. When the embryonic limit is surpassed, the TCP intercept feature intercepts TCP synchronization (SYN) packets from clients to servers on a higher security level. The software establishes a connection with the client on behalf of the destination server, and if successful, establishes the connection with the server on behalf of the client and combines the two half-connections together transparently. Thus, connection attempts from unreachable hosts never reach the server. The PIX firewall accomplishes TCP intercept functionality using SYN cookies.

syntax:

static [(local_ifc,global_ifc)] {global_ip | interface} {local_ip [netmask mask] | access-list acl_name} [dns] [norandomseq] [max_conns [emb_limit]]

New Member

Re: Query on embryonic and max conn limit on the FWSM

Thanks s.

PF
