New Member

Syslog ASA-2-106017 - Land Attack

I came across this syslog message while troubleshooting an access issue and real-time log viewing. This syslog message looks serious, but how and what do you do?

Syslog ASA-2-106017 : Deny IP due to Land Attack from IP_address to IP_address.

The land attack lists the IP addresses to be my outside global address. That is the address I use for internet traffic!

Not sure how to treat this issue?

Thanks,

4 REPLIES

Re: Syslog ASA-2-106017 - Land Attack

This message appears when you have enabled Unicast RPF.

Even though an attack is in progress, if this feature is enabled, no user action is required. The Cisco ASA repels the attack.

Syed

New Member

Re: Syslog ASA-2-106017 - Land Attack

Hi Syed,

I did not enable Unicast RPF.

Is this feature enabled by default?

How does the ASA repel the attack?

Any recommended reading about this on Cisco?

Thanks,

Suhail

New Member

Re: Syslog ASA-2-106017 - Land Attack

I have the same issue on my ASA, just the source and destination IPs are 0.0.0.0 0.0.0.0

I posted this issue here and got a reply from someone with the following explanation:

"Somebody has released a program, known as land.c, which can be used to launch denial of service attacks against various TCP implementations. The program sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination."

You can read about land.c on the Cisco website:

http://www.cisco.com/en/US/products/products_security_advisory09186a00800b1693.shtml
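
For triaging these messages in exported logs, the following added example (not part of the thread and not any poster's or Cisco's code) parses 106017 lines and buckets them by the cases raised above: the firewall's own outside address, and 0.0.0.0. The sample log lines, the `own_addresses` set and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Matches the message text quoted in the thread. The leading "%" and any
# whitespace around ":" are tolerated, since exports differ on both.
LAND_RE = re.compile(
    r"%?ASA-2-106017\s*:\s*Deny IP due to Land Attack "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to (?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_land_events(lines):
    """Return (src, dst) tuples for every 106017 message in the input."""
    return [(m["src"], m["dst"]) for m in map(LAND_RE.search, lines) if m]

def triage(lines, own_addresses):
    """Count 106017 events per case discussed in the thread."""
    summary = Counter()
    for src, dst in parse_land_events(lines):
        if src != dst:
            # A land packet has identical source and destination, so a
            # mismatch points at a mangled log line, not at a new case.
            summary["src_dst_differ"] += 1
        elif src == "0.0.0.0":
            summary["unspecified_address"] += 1    # the 0.0.0.0 report
        elif src in own_addresses:
            summary["own_interface_address"] += 1  # the original question
        else:
            summary["other_address"] += 1
    return dict(summary)

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "%ASA-2-106017: Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10",
    "Syslog ASA-2-106017 : Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10",
    "%ASA-2-106017: Deny IP due to Land Attack from 0.0.0.0 to 0.0.0.0",
    "%ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:203.0.113.10/22",
]

if __name__ == "__main__":
    # own_addresses is an assumption: the firewall's outside global address.
    print(triage(SAMPLE, {"203.0.113.10"}))
```
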

 

New Member

Re: Syslog ASA-2-106017 - Land Attack

...I checked the advisory, and it is 12 years old... that is way too old...
