In my Syslog I keep seeing this critical message "Deny IP due to Land Attack from X.X.X.X to X.X.X.X." Should I be concerned? Other than filtering it in Syslog, is there any other measures I can to get rid of that? Thanks
So those messages do not directly indicate a problem, but may still be worth investigating. Is the IP address referenced in the syslog message one of your global address in a 'global' or 'static' config line? If so, it very well may be that a host on the inside is trying to communicate to its own external address:
nat (inside) 1 10.0.0.0 255.0.0.0
global (outside) 1 18.104.22.168
If a host on the inside tries to connect to 22.214.171.124, the packet as it leaves the firewall would look like it is coming from/going to 126.96.36.199 (which would be a land attack).
One way you can track this would be to setup a capture on the inside interface for this traffic:
8.0.4 code and later:
cap inside interfcae inside match ip any host 188.8.131.52
access-list cap-list permit ip any host 184.108.40.206
cap inside interface inside access-list cap-list
When you see the error pop-up look at the captures:
show capture inside
I hope this helps. If this resolves your issue, please mark this question as resolved.