Cisco Support Community

New Member

ASA Land Attack - how does the system respond?

Hope you can help

I have an ASA 5520 and was testing VPN configuration using the packet tracer in ASDM. Due to a typo I simulated a land attack (i.e. same source and destination address). The ASA then blocked connections to some IP addresses (other services were fine) but nothing appeared in the logs at warning level after the Land Attack error.

My main question is what is the ASA's default response to this? Will the system reset the block and after how long? Anti spoofing and basic security are enabled.

I fixed the fault with a reload but there must be a neater way to do this.


Re: ASA Land Attack - how does the system respond?

Hi Jim,

To the best of my knowledge, the default behavior of the ASA is that message ASA-2-106017 will be logged and the offending packet will be dropped. However, the ASA does not automatically shun the IP address to block any further traffic.

If you are using the threat detection feature in ASA 8.0, you can create a configuration such that a detected attacker IP address will be automatically shunned. If this feature is enabled, the attacker is shunned for 1 hour, though this value is also optionally configured.

Here is the configuration guide for threat detection:

Maybe someone else can chime in that has seen this happen before?
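
One way to check exported syslog for the land attack message named in the reply above (ASA-2-106017), as an added example that is not part of the original thread. The log lines are constructed, the function names are hypothetical, and the message text pattern "Deny IP due to Land Attack from ... to ..." is assumed to match what the device emits.

```python
import re
from collections import Counter

# %ASA-<severity>-<message id>: <text>; 106017 is the land attack deny.
ASA_MSG = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
LAND = re.compile(r"Deny IP due to Land Attack from (?P<src>\S+) to (?P<dst>\S+)")

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Mar 10 09:14:02 fw01 %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Mar 10 09:14:03 fw01 %ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.1.1.5/51000 (192.0.2.1/51000)
Mar 10 09:14:05 fw01 %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Mar 10 09:15:40 fw01 %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.9 to 203.0.113.9
Mar 10 09:16:00 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4000 dst inside:10.1.1.5/23 by access-group "outside_in"
"""

def parse_asa(line):
    """Return (severity, message_id, text) for an ASA syslog line, else None."""
    m = ASA_MSG.search(line)
    return (int(m["sev"]), m["id"], m["text"]) if m else None

def land_attack_hits(log, logging_level=4):
    """Count 106017 denies per address among messages visible at logging_level.

    A destination logging at level N receives severities 0..N, so the
    severity-2 message 106017 is present at 'warnings' (4) but not 'alerts' (1).
    """
    hits = Counter()
    for line in log.splitlines():
        parsed = parse_asa(line)
        if parsed is None:
            continue  # not an ASA-formatted line
        sev, msg_id, text = parsed
        if sev > logging_level or msg_id != "106017":
            continue  # filtered out by the logging level, or a different message
        m = LAND.search(text)
        if m and m["src"] == m["dst"]:
            hits[m["src"]] += 1
    return hits

if __name__ == "__main__":
    for addr, n in land_attack_hits(SAMPLE_LOG).most_common():
        print(f"{addr}: {n} land attack denies (%ASA-2-106017)")
```
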


New Member

Re: ASA Land Attack - how does the system respond?

Hi Mike

Thanks for that. I have been through most of this documentation, but unfortunately doing a reload to get the full functionality back meant that I have been unable to trace the details of what happened or duplicate this issue. Thanks for your help though; if I do get a resolution I will post something here.

cheers, Jim