
ASA 7.2.3 suddenly drops packets (Spoofing)

bauer.juergen
Level 1

Hi Netpros,

We have an ASA running OS version 7.2.3.

All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).

106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outside

No changes were made beforehand and after the box was rebooted all was working again.

Anybody here seen this problem?

Thanks and best regards,

Jürgen

2 Replies

jsivulka
Level 5

This can potentially be used to do a spoofing attack against the ASA5505. This behavior has been observed in version 7.2.2 and 7.2.3 of the ASA firmware. You would have to gather packet captures on the inside and outside interfaces as well as of the asp drop.

I don't really understand - is this a bug or a feature ?-)

No, seriously - does this mean that the ASA drops packets because it thinks it is under attack?

Or do you mean it's a bug which can be used as a DoS against the ASA?

If it's a feature - is it possible to turn it off?

If it's a bug - is there a bug ID?

So the best would be to use 7.0.7 again? I know it's the only GD...

regards,

juergen

BTW, what would I see if I do some troubleshooting, like looking at the asp drop table and capturing some packets?
