Nope. Embryonic connection limiting uses the same framework as SYN-cookies. It'll only work with TCP connections.

On Thu, May 20, 2010 at 8:23 AM, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> We do have DoS attacks with uni-direction udp connections. Is the following
> valid? Can we use embryonic limitation to udp connection too?
>
> access-list udp permit udp any any
>
> class-map udp
>  match access-list udp
>
> policy-map udp
>  class udp
>   set connection embryonic-conn-max 123 per-client-embryonic-max 23
>
> asa# sh service-policy interface outside
>
> Interface outside:
>   Service-policy: udp
>     Class-map: udp
>       Set connection policy: embryonic-conn-max 123
> per-client-embryonic-max 23
>         current embryonic conns 0, drop 0
>
>
> With regards
> Kings
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
