Mark,

Thanks for your comment.

Regards
Anantha Subramanian Natarajan

On Tue, Jan 25, 2011 at 7:34 PM, Mark Senteza <[email protected]> wrote:

> If I'm not mistaken, the router will look at outbound UDP connections and
> observe for returning traffic that matches/is related to the outbound flow. If
> none is seen within a specified time, then that connection is considered a
> UDP half-open connection. Being a connectionless protocol, the three-way
> handshake doesn't apply when considering half-open sessions in the TCP sense.
>
> On Tue, Jan 25, 2011 at 12:34 PM, Anantha Subramanian Natarajan
> <[email protected]> wrote:
>
>> Hi Piotr,
>>
>> Thanks for your clarification. Seems Cisco IOS firewall considers UDP
>> half-open sessions as any UDP communication which is unidirectional. Is that
>> not right? I was reading in the command reference what Cisco IOS
>> firewall treats as a UDP half-open session.
>>
>> Kindly correct me.
>>
>> Thanks
>>
>> Regards
>> Anantha Subramanian Natarajan
>>
>> On Tue, Jan 25, 2011 at 11:48 AM, Piotr Matusiak <[email protected]> wrote:
>>
>>> Anantha,
>>>
>>> UDP is connectionless so no half-open connections exist.
>>>
>>> Regards,
>>> Piotr
>>>
>>> 2011/1/25 Anantha Subramanian Natarajan <[email protected]>
>>>
>>>> Hi All,
>>>>
>>>> I was going through the Cisco IOS Firewall Feature (CBAC) and
>>>> understood that there is a global command "ip inspect tcp max-incomplete
>>>> host value" to delete half-open sessions whenever the number of half-open
>>>> sessions to the specified destination host address rises above a
>>>> threshold. I am trying to understand whether a similar command exists for
>>>> UDP and, if not, any specific technical reason why this command wouldn't
>>>> be possible for UDP.
>>>>
>>>> Thanks for the great help
>>>>
>>>> Regards
>>>> Anantha Subramanian Natarajan
>>>>
>>>> _______________________________________________
>>>> For more information regarding industry leading CCIE Lab training,
>>>> please visit www.ipexpert.com
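The tracking Mark describes in the thread above, as an added example that is not part of the original messages and is not Cisco's implementation: a simplified flow table that records outbound UDP flows, matches mirrored return traffic, and reports flows with no reply inside a time window as half-open, counted per destination host. The class and function names, the 5-second window and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter

REPLY_WINDOW = 5.0  # seconds; assumed stand-in for the "specified time"


class UdpFlowTable:
    """Simplified model of UDP pseudo-session tracking (illustrative only)."""

    def __init__(self, reply_window=REPLY_WINDOW):
        self.reply_window = reply_window
        self.flows = {}  # (src, sport, dst, dport) -> {"first_seen", "replied"}

    def outbound(self, t, src, sport, dst, dport):
        # The first outbound packet creates state; later ones reuse it.
        key = (src, sport, dst, dport)
        self.flows.setdefault(key, {"first_seen": t, "replied": False})

    def inbound(self, t, src, sport, dst, dport):
        # Return traffic matches a flow when addresses and ports are mirrored.
        flow = self.flows.get((dst, dport, src, sport))
        if flow is None:
            return False  # unsolicited: no matching outbound flow
        flow["replied"] = True
        return True

    def half_open(self, now):
        # No return traffic seen and the reply window has elapsed.
        return sorted(k for k, f in self.flows.items()
                      if not f["replied"]
                      and now - f["first_seen"] >= self.reply_window)

    def half_open_per_host(self, now):
        # Per-destination count: what a per-host threshold would act on.
        return Counter(k[2] for k in self.half_open(now))


def demo():
    table = UdpFlowTable()
    # Constructed sample traffic using documentation address ranges.
    table.outbound(0.0, "10.0.0.5", 40001, "192.0.2.53", 53)
    table.inbound(0.2, "192.0.2.53", 53, "10.0.0.5", 40001)      # answered
    table.outbound(1.0, "10.0.0.5", 40002, "198.51.100.9", 514)  # never answered
    table.outbound(1.5, "10.0.0.6", 40003, "198.51.100.9", 514)  # never answered
    table.outbound(8.0, "10.0.0.7", 40004, "198.51.100.9", 161)  # window still open
    unsolicited = table.inbound(9.0, "203.0.113.7", 53, "10.0.0.5", 40009)
    return table.half_open(10.0), table.half_open_per_host(10.0), unsolicited


if __name__ == "__main__":
    print(demo())
```

The model shows why a per-host half-open count is still meaningful for a connectionless protocol: the state being counted is the firewall's own flow entry, not a handshake.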
