Hi Kings, I see ..Thanks
Regards Anantha Subramanian Natarajan On Tue, Jan 25, 2011 at 10:00 PM, Kingsley Charles < [email protected]> wrote: > The following will take care of both TCP and UDP half connections. But for > per host, I think it's only possible for TCP. May be it's bcos of that TCP > is very susceptible to DoS attacks. > > ip inspec max-incomplete > ip inspec one-minute > > > With regards > Kings > > On Tue, Jan 25, 2011 at 9:18 PM, Anantha Subramanian Natarajan < > [email protected]> wrote: > >> Hi All, >> >> I was going through the Cisco IOS Firewall Feature(CBAC) and understood >> that,there is a global command "ip inspect tcp max-incomplete host value" to >> delete half-open sessions,whenever the number of half-open sessions to the >> specified destination host address rises above a threshold.Am trying to >> understand a similar command exist for UDP,if not ,any specific technical >> reason ,why this command wouldn't be possible for UDP. >> >> Thanks for the great help >> >> Regards >> Anantha Subramanian Natarajan >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
