Cisco Support Community
New Member

Land Attack - ASA 5520

I am receiving hundreds of the following messages in ASA 5520 log:

"Deny IP due to Land Attack from 0.0.0.0 to 0.0.0.0"

Can it be related to another message I am receiving in the ASA5520 log, which is:

"UDP request discarded from 10.80.48.246/24678 to ProdZone:255.255.255.255/24677"?

Strange thing is that IP address 10.80.48.246 doesn't exist on my network.

I am receiving such messages from many different IP addresses, and none of them is used on my network.

Any ideas?

Help appreciated

3 REPLIES
New Member

Re: Land Attack - ASA 5520

Hi

It is a DoS attack. The program (known as land.c) sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination.

But ASA is not vulnerable to this attack. But please keep monitoring your network traffic.

Thanks

Jithesh

New Member

Re: Land Attack - ASA 5520

Is it possible that these attacks are coming from infected PCs on my network? Does any antivirus detect land.c?

Are these UDP messages which I showed in my initial post relevant to the DoS?

Thank you for your help. I appreciate it.

New Member

Re: Land Attack - ASA 5520

Yes, it is possible from your inside LAN if any host is compromised. Land attack is an old virus attack and most of the antivirus tools will help you. Those UDP logs are also a part of this attack.

Thanks
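
Added example (not part of the thread and not Cisco code): a small triage script that tallies the two message texts quoted in the question and lists the UDP sources that fall outside the subnets actually in use. The sample log lines and the `KNOWN_NETS` value are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, built from the two message texts quoted in the thread.
SAMPLE_LOG = """\
Deny IP due to Land Attack from 0.0.0.0 to 0.0.0.0
UDP request discarded from 10.80.48.246/24678 to ProdZone:255.255.255.255/24677
Deny IP due to Land Attack from 0.0.0.0 to 0.0.0.0
UDP request discarded from 10.80.48.247/24678 to ProdZone:255.255.255.255/24677
UDP request discarded from 192.168.1.20/24678 to ProdZone:255.255.255.255/24677
"""

# Assumption: the subnets really assigned behind the firewall (hypothetical value).
KNOWN_NETS = [ipaddress.ip_network("192.168.1.0/24")]

LAND_RE = re.compile(r"Deny IP due to Land Attack from ([\d.]+) to ([\d.]+)")
UDP_RE = re.compile(
    r"UDP request discarded from ([\d.]+)/(\d+) to ([^\s:]+):([\d.]+)/(\d+)"
)


def triage(log_text, known_nets=KNOWN_NETS):
    """Return (land_counts, udp_counts, unknown_sources) for the given log text."""
    land = Counter()     # (src, dst) -> number of Land Attack denies
    udp = Counter()      # (interface, dst, dst_port) -> number of discards
    unknown = set()      # UDP sources not inside any known subnet
    for line in log_text.splitlines():
        m = LAND_RE.search(line)
        if m:
            land[(m.group(1), m.group(2))] += 1
            continue
        m = UDP_RE.search(line)
        if m:
            src, _sport, iface, dst, dport = m.groups()
            udp[(iface, dst, int(dport))] += 1
            addr = ipaddress.ip_address(src)
            if not any(addr in net for net in known_nets):
                unknown.add(src)
    return land, udp, sorted(unknown)


if __name__ == "__main__":
    land, udp, unknown = triage(SAMPLE_LOG)
    print("Land Attack denies:", dict(land))
    print("UDP discards by target:", dict(udp))
    print("UDP sources outside known subnets:", unknown)
```

Grouping the discards by interface and destination port shows which segment the broadcasts arrive on, which is the starting point for tracing the sending hosts by MAC address on the switch.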
