Re: What does "embryonic connections dropped" in netstat output mean?
Now take what you just said and relate it to OpenBSD 2.9 with IPSec
enabled. Why would OpenBSD decrypt and authenticate an IPsec connection
from another machine, pass it to the IP stack for processing, and then
increment the "embryonic connections dropped" counter after obviously
dropping the connection? If IPsec is turned off on my machines,
everything works fine. No dropped connections. Is there something in the
kernel I'm missing? Some parameter that must be increased if IPsec is
enabled? I've been through FAQ13 and the VPN man page SEVERAL times and I
haven't seen anything that explains why I'm having this problem.
At 01:54 PM 10/3/2001 -0700, KoAps wrote:
>In the PIX Firewall the embryonic connection limit is how many consecutive
>connection establishments you can have before it starts dropping connections
>and not allowing anymore establishments to be made...
>
>One way to block syn attacks but also a way to block legit connections...
>
>L8rZ,
>
> )\_/(
> < o,0 >
> ~
> \ /
>
>KoAps
>
>
>
>----- Original Message -----
>From: "Sean O'Neill" <swoneill@swbell.net>
>To: <tech@openbsd.org>
>Sent: Wednesday, October 03, 2001 1:44 PM
>Subject: What does "embryonic connections dropped" in netstat output mean?
>
>
>What does "embryonic connections dropped" in netstat output mean?
>
>
>-
>........................................................
>......... ..- -. .. -..- .-. ..- .-.. . ... ............
>.-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ...
>
>Sean O'Neill
-
........................................................
......... ..- -. .. -..- .-. ..- .-.. . ... ............
.-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ...
Sean O'Neill