Syslog ASA-2-106017 - Land Attack

highmiles2
Level 1

I came across this syslog message while troubleshooting an access issue and real-time log viewing. This syslog message looks serious, but how and what do you do?

Syslog ASA-2-106017 : Deny IP due to Land Attack from IP_address to IP_address.

The land attack lists the IP addresses to be my outside global address. That is the address I use for internet traffic!

Not sure how to treat this issue?

Thanks,

4 Replies

This message appears when you have enabled Unicast RPF.

Even though an attack is in progress, if this feature is enabled, no user action is required. The Cisco ASA repels the attack.

Syed

Hi Syed,

I did not enable Unicast RPF.

Is this feature enabled by default?

How does the ASA repel the attack?

Any recommended reading about this on Cisco?

Thanks,

Suhail

I have the same issue on my ASA, just the source and destination IPs are 0.0.0.0 0.0.0.0.

I posted this issue here and got a reply from someone with the following explanation:

"Somebody has released a program, known as land.c, which can be used to launch denial of service attacks against various TCP implementations. The program sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination."

You can read about land.c on Cisco web:

http://www.cisco.com/en/US/products/products_security_advisory09186a00800b1693.shtml

...I checked the advisory, and it is 12 years old... that is way too old...
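Added example, not part of any reply in this thread and not Cisco code: a small triage script that pulls 106017 events out of an ASA log and separates the two cases reported above (the firewall's own outside address, and 0.0.0.0). The host name `fw01`, the documentation-range addresses, the sample lines and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the thread; captures source and destination.
LAND_RE = re.compile(r"%ASA-2-106017: Deny IP due to Land Attack from (\S+) to (\S+)")

# Constructed sample lines (hypothetical host fw01, documentation addresses).
SAMPLE_LOG = """\
Jan 10 2012 10:15:01 fw01 : %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10
Jan 10 2012 10:15:02 fw01 : %ASA-5-111008: User 'enable_15' executed the 'show logging' command.
Jan 10 2012 10:15:09 fw01 : %ASA-2-106017: Deny IP due to Land Attack from 0.0.0.0 to 0.0.0.0
Jan 10 2012 10:16:30 fw01 : %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10.
"""


def classify(addr, own):
    """Label the address that appears as both source and destination."""
    if addr.is_unspecified:      # 0.0.0.0, the case in the third reply
        return "unspecified"
    if addr in own:              # the firewall's own address, as in the question
        return "own-address"
    return "other"


def triage_land_events(log_text, own_addresses):
    """Count 106017 events per address pair and classify each one."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    counts = Counter()
    for line in log_text.splitlines():
        m = LAND_RE.search(line)
        if m is None:
            continue             # some other syslog message ID
        # Tolerate a trailing full stop after the destination address.
        src, dst = (ipaddress.ip_address(g.rstrip(".")) for g in m.groups())
        counts[(src, dst)] += 1
    report = {}
    for (src, dst), n in counts.items():
        same = src == dst        # expected for this message ID
        key = str(src) if same else f"{src}->{dst}"
        report[key] = {"count": n, "kind": classify(src, own) if same else "mismatch"}
    return report


if __name__ == "__main__":
    for addr, info in triage_land_events(SAMPLE_LOG, ["203.0.113.10"]).items():
        print(addr, info)
```

Pass the ASA's own interface addresses as `own_addresses` so that events naming the firewall itself are reported separately from events naming other hosts.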
