After reading the following link:
I discovered that it would be possible to be protected from port scans. I mean, when someone scans our network/host from outside, the attacker will see all 65535 ports as "open" (that way it will be more difficult for an attacker to perform customized attacks...)
So I have followed the setup in that link:
policy-map global_policy
 class class-default
  set connection embryonic-conn-max 15 per-client-embryonic-max 3
service-policy global_policy global
The problem is that I don't have the expected result...
If I do a port scan over the Internet from an external host to my hosts, the port scan works successfully and I can view my open ports...
I have also tried to set this through a "match" in an access-list, but without any success...
Maybe some of you have ever experienced this?
Thank you for this answer, but it seems that uRPF does not fit exactly what I wanted to do...
(flood the attacker with fake responses)
So my question regarding embryonic connection limitation still stands.
Even if you have an embryonic limit set, it does not imply that the ASA will allow a maximum of 15 connections and deny any further connections to the hosts specified by the class-map. Please read the page below for details on what the ASA exactly does using TCP intercept:
It will mainly be useful in protecting against DoS attacks against your servers where connections are originated from spoofed source IP addresses. I hope that answers your question about embryonic connection limits.
I am still not sure what exactly you are trying to achieve by way of this? Please clarify it for us.
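To make the answer's point concrete, here is an added illustration (constructed for this thread, not ASA code and not posted by anyone in it): a simplified model that counts half-open TCP flows the way the thread's embryonic-conn-max 15 / per-client-embryonic-max 3 settings do, and shows that reaching a limit switches new SYNs to interception, not to denial. The "intercept" outcome is a simplification of TCP intercept (the firewall answers the handshake itself and keeps no per-flow state until the client completes it), and all IP addresses are constructed sample values.

```python
"""Constructed model of ASA-style embryonic connection limits (not ASA code)."""

EMBRYONIC_CONN_MAX = 15        # values taken from the policy-map in the thread
PER_CLIENT_EMBRYONIC_MAX = 3


class EmbryonicTracker:
    """Counts half-open TCP flows: SYN seen, three-way handshake not completed."""

    def __init__(self, total_max=EMBRYONIC_CONN_MAX, per_client_max=PER_CLIENT_EMBRYONIC_MAX):
        self.total_max = total_max
        self.per_client_max = per_client_max
        self.half_open = set()      # (client_ip, dst_port) pairs still embryonic

    def per_client(self, client_ip):
        return sum(1 for ip, _ in self.half_open if ip == client_ip)

    def syn(self, client_ip, dst_port):
        """Decide what happens to a new SYN.
        'forward'   : under both limits; the SYN reaches the server and the flow is
                      counted as embryonic until the handshake completes.
        'intercept' : a limit is reached; the firewall completes the handshake on
                      the server's behalf and tracks nothing until the client proves
                      itself. The SYN is answered, never silently dropped or denied."""
        if len(self.half_open) >= self.total_max or self.per_client(client_ip) >= self.per_client_max:
            return "intercept"
        self.half_open.add((client_ip, dst_port))
        return "forward"

    def established(self, client_ip, dst_port):
        """Handshake completed: the flow no longer counts against the limits."""
        self.half_open.discard((client_ip, dst_port))


def simulate():
    """Spoofed SYN flood, then a real client, then a single-source scan."""
    t = EmbryonicTracker()
    # Constructed flood: 20 SYNs from 20 different spoofed sources to port 443
    # that never finish the handshake, so every forwarded one stays embryonic.
    flood = [t.syn(f"198.51.100.{i}", 443) for i in range(1, 21)]
    # Constructed real client arriving while the limit is reached: its SYN is
    # intercepted, it completes the handshake and is served, not refused.
    legit = t.syn("203.0.113.7", 443)
    t.established("203.0.113.7", 443)
    # Constructed scan from one source: the per-client limit engages after 3 ports.
    s = EmbryonicTracker()
    scan = [s.syn("192.0.2.9", p) for p in (22, 25, 80, 443, 8080)]
    return {"flood_forwarded": flood.count("forward"),
            "flood_intercepted": flood.count("intercept"),
            "half_open_after_flood": len(t.half_open),
            "legit_client": legit, "scan": scan}
```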