ASA 7.2.3 suddenly drops packets (Spoofing)

Unanswered Question
Nov 5th, 2007

Hi Netpros,


We have an ASA running OS version 7.2.3.

All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).


106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outside


No changes were made beforehand and after the box was rebooted all was working again.


Anybody here seen this problem?


Thanks and best regards,


Jürgen

jsivulka Mon, 11/12/2007 - 07:16

This can potentially be used to do a spoofing attack against the ASA5505. This behavior has been observed in versions 7.2.2 and 7.2.3 of the ASA firmware. You would have to gather packet captures on the inside and outside interfaces as well as of the asp drop.

bauer.juergen Mon, 11/12/2007 - 07:33

I don't really understand - is this a bug or a feature ?-)


No, seriously - does this mean that the ASA drops packets because it thinks it is under attack?

Or do you mean it's a bug which can be used as a DoS against the ASA?


If it's a feature - is it possible to turn it off?

If it's a bug - is there a bug ID?


So the best would be to use 7.0.7 again? I know it's the only GD...


regards,


juergen


Btw, what would I see if I do some troubleshooting, like looking at the asp drop table and capturing some packets?
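For triaging messages like the 106016 line quoted in the first post, here is an added example (not part of any post in this thread) that groups spoof denies by flow and records when each flow was first and last denied, so the onset can be lined up with packet captures. The `%ASA-2-` prefix with timestamp layout, the sample addresses (documentation ranges) and the `looks_invalid` heuristic are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample lines (not from the thread); the timestamp layout is assumed.
SAMPLE_LOG = """\
Nov 05 2007 09:14:02: %ASA-2-106016: Deny IP spoof from (198.51.100.7) to 203.0.113.10 on interface outside
Nov 05 2007 09:14:03: %ASA-2-106016: Deny IP spoof from (198.51.100.7) to 203.0.113.10 on interface outside
Nov 05 2007 09:14:05: %ASA-2-106016: Deny IP spoof from (127.0.0.1) to 203.0.113.10 on interface outside
Nov 05 2007 09:14:09: %ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.9/4000 (198.51.100.9/4000) to inside:203.0.113.10/80 (203.0.113.10/80)
Nov 05 2007 09:15:40: %ASA-2-106016: Deny IP spoof from (198.51.100.7) to 203.0.113.10 on interface outside
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-106016: "
    r"Deny IP spoof from \((?P<src>[^)]+)\) to (?P<dst>\S+) "
    r"on interface (?P<ifname>\S+)"
)

def looks_invalid(src, dst):
    """Heuristic (assumption of this example): source no real host should use."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:  # redacted address such as 212.X.Y.Z
        return False
    return ip.is_loopback or ip.is_multicast or ip.is_unspecified or src == dst

def summarize_spoof_denies(text):
    """Group 106016 events by (src, dst, interface): count, first and last seen."""
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other message IDs or unparseable lines
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        key = (m["src"], m["dst"], m["ifname"])
        f = flows.setdefault(key, {"count": 0, "first": ts, "last": ts})
        f["count"] += 1
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
        f["invalid_src"] = looks_invalid(m["src"], m["dst"])
    return flows

def unexpected_flows(flows):
    """Flows whose source looks valid: the ones to compare against captures."""
    return [key for key, f in flows.items() if not f["invalid_src"]]

if __name__ == "__main__":
    for key, f in summarize_spoof_denies(SAMPLE_LOG).items():
        print(key, f["count"], f["first"], f["last"], f["invalid_src"])
```
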
