Hi
Had a problem and now I have a question:
A server setup relying on multicast on 228.10.10.9/ udp 45591 (internally on the vlan - non-routed) was moved from one vlan on a Catalyst 2960 switch (working OK here) to a datacenter vlan.
First it was est...
Hi
In order to mitigate syn-floods, syn-cookies are useful tools, but I wonder how the count is. F.ex. if this security policy from the configuration guide is applied to the outside interface:
hostname(config)# class-map CONNS
hostname(config-cmap)# ma...
Hi,
A couple of questions: I want to move syn cookie protection from ACE-modules to ASA modules in a data center setup. And I want to set a max embryonic conns per server/IP behind the firewall, f.ex. 512/server.
Acc. to the ASA conf. guide 8.5 you can make...
Iyer
Agree - but you still have a problem with heavy DDoS attacks with thousands of spoofed IPs. I ended up with this config (going into production very soon) - the embryonic-conn-max 512 is intended to trigger syn-cookies during syn-attacks:
class-map EMB...
Hello jcarvaja
No, I don't! I'm operating with "inside servers" and "outside clients", and I want to protect inside servers with a generic embryonic-conn threshold per server. Limiting embryonic-conn per outside client is imho not so important since s...