05-26-2004 12:30 AM - edited 02-20-2020 11:25 PM
Is there a way on a PIX firewall to limit the number of connections per IP address (private IP address)?
Once I had an infected laptop with a worm (W32.Blaster kind), and it was scanning IP addresses and sending a huge number of connections to the firewall; the firewall's connections were all consumed and no one was able to get out for internet access (DoS attack).
Is there a way to solve this problem? I was thinking that if the PIX firewall has that feature, we can limit the number of connections for each internal IP address.
Thanks
06-01-2004 06:41 AM
On a Cisco router, the CBAC or TCP intercept feature can prevent this kind of attack. I am sure the PIX also has some kind of protection against these kinds of attacks. The "embryonic limit" option in the static command defines how many connections each IP address can have. More information can be found in the PIX configuration guide.
07-08-2004 04:23 AM
I had the same problem.
Did you find a solution?
Graziano
07-08-2004 11:00 AM
In the static and nat commands there are arguments which can limit the number of connections (both established and embryonic).
Example:
static (outside,inside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255 1000 50
07-08-2004 12:42 PM
When using the max connections with a nat command, it will apply to the entire address space using the nat group. The embryonic connections will apply per-host. Those exceeding the number of embryonic connections will be handled by TCP intercept.
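Putting the two replies above together, here is an added configuration example (not from any post in this thread) showing the limits on both commands side by side. It assumes PIX 6.x syntax, where the trailing two numbers on nat and static are max_conns followed by emb_limit, and it assumes the RFC 1918 inside network 10.1.1.0/24 and the example addresses 1.1.1.1 and 2.2.2.2 used in the earlier post; the connection limits themselves are illustrative, not recommended values.

```cisco
! Assumed PIX 6.x syntax: nat (if_name) nat_id local_ip netmask [max_conns [emb_limit]]
! Outbound PAT for the inside network. 1000 is the max_conns shared by the whole
! 10.1.1.0/24 address space under nat group 1; 50 is the per-host embryonic limit.
! A Blaster-style host opening hundreds of half-open connections hits the 50
! half-open limit on its own, without first exhausting the shared 1000.
global (outside) 1 interface
nat (inside) 1 10.1.1.0 255.255.255.0 1000 50

! Assumed PIX 6.x syntax: static (real_if,mapped_if) mapped_ip real_ip netmask mask [max_conns [emb_limit]]
! Same two arguments on a static, per the earlier example, but both apply to this
! one host: at most 1000 connections and 50 half-open connections to 2.2.2.2,
! with excess embryonic connections handed to TCP intercept.
static (outside,inside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255 1000 50

! Checks (assumed PIX 6.x commands): find the host that is eating the table,
! then drop its connections once the laptop has been pulled off the network.
show local-host 10.1.1.57
show conn | include 10.1.1.57
clear local-host 10.1.1.57
```

The distinction that matters for the original question is the one in the reply above: on nat, max_conns is shared by every host in the group, so setting it alone does not protect the other users from one infected machine; the per-host number that actually helps is emb_limit. Worm scans are mostly half-open TCP connections to hosts that never answer, which is exactly the embryonic count.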