Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
568
Views
0
Helpful
1
Replies

Serv-U FTP server causing "Deny IP due to Land Attack" on ASA

btrotter
Level 1
Level 1

‎05-07-2010 10:09 AM - edited ‎03-11-2019 10:42 AM

We have a Serv-U FTP server in our DMZ. When it is running, we are flooded with the messages

Deny IP due to Land Attack from 192.168.1.2 to 192.168.1.2.

Does anyone know what setup in the FTP server can be causing this?

Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎05-07-2010 10:22 AM

This message says that the FW has seen packets sourced and destined to the same ip address (191.168.1.2).

Is the server the 192.168.1.2? You need to check if there are these kinds of packets in your network. You can do a packet capture on the ASA to prove it.

If you see these packets then there is something wrong, maybe some natting device, or some setting on the server.

You can also capture packets on the server itself using Wireshark to see if he is responsible for these packets.

I hope it helps to track this down.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card