Hi all
We do have DoS attacks with uni-directional UDP connections. Is the following
valid? Can we use embryonic limitation for UDP connections too?
access-list udp permit udp any any
class-map udp
 match access-list udp
policy-map udp
 class udp
  set connection embryonic-conn-max 123 per-client-embryonic-max 23
asa# sh service-policy interface outside
Interface outside:
  Service-policy: udp
    Class-map: udp
      Set connection policy: embryonic-conn-max 123 per-client-embryonic-max 23
        current embryonic conns 0, drop 0
With regards
Kings