ASA 7.2.3 suddenly drops packets (Spoofing)

Unanswered Question
Nov 5th, 2007

Hi Netpros,

We have an ASA running OS version 7.2.3.

All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).

106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outside

No changes were made beforehand and after the box was rebooted all was working again.

Anybody here seen this problem?

Thanks and best regards,

Jürgen

jsivulka Mon, 11/12/2007 - 07:16

This can potentially be used to do a spoofing attack against the ASA5505. This behavior has been observed in version 7.2.2 and 7.2.3 of the ASA firmware. You would have to gather packet captures on the inside and outside interfaces as well as of the asp drop.

bauer.juergen Mon, 11/12/2007 - 07:33

I don't really understand - is this a bug or a feature ?-)

No, seriously - does this mean that the ASA drops packets because it thinks it is under attack?

Or do you mean it's a bug which can be used as a DoS against the ASA?

If it's a feature - is it possible to turn it off?

If it's a bug - is there a bug ID?

So the best would be to use 7.0.7 again? I know it's the only GD...

regards,

juergen

Btw, what would I see if I do some troubleshooting, like looking at the asp drop table and capturing some packets?
