Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Serv-U FTP server causing "Deny IP due to Land Attack" on ASA

We have a Serv-U FTP server in our DMZ. When it is running, we are flooded with the messages

Deny IP due to Land Attack from 192.168.1.2 to 192.168.1.2.

Does anyone know what setup in the FTP server can be causing this?

1 REPLY
Cisco Employee

Re: Serv-U FTP server causing "Deny IP due to Land Attack" on AS

This message says that the FW has seen packets sourced and destined to the same ip address (191.168.1.2).

Is the server the 192.168.1.2? You need to check if there are these kinds of packets in your network. You can do a packet capture on the ASA to prove it.

If you see these packets then there is something wrong, maybe some natting device, or some setting on the server.

You can also capture packets on the server itself using Wireshark to see if he is responsible for these packets.

I hope it helps to track this down.

PK

290
Views
0
Helpful
1
Replies