Serv-U FTP server causing "Deny IP due to Land Attack" on ASA

Unanswered Question
May 7th, 2010

We have a Serv-U FTP server in our DMZ. When it is running, we are flooded with the messages

Deny IP due to Land Attack from 192.168.1.2 to 192.168.1.2.

Does anyone know what setup in the FTP server can be causing this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Fri, 05/07/2010 - 10:22

This message says that the FW has seen packets sourced and destined to the same ip address (191.168.1.2).

Is the server the 192.168.1.2? You need to check if there are these kinds of packets in your network. You can do a packet capture on the ASA to prove it.

If you see these packets then there is something wrong, maybe some natting device, or some setting on the server.

You can also capture packets on the server itself using Wireshark to see if he is responsible for these packets.

I hope it helps to track this down.

PK

Actions

This Discussion