10-07-2010 07:01 AM - edited 03-10-2019 05:08 AM
Hi to All,
how can I configure a pix Version 8.0(4) to NOT block the LAND ATTACK ?
pix# sh log | i 17.12.18.24
Oct 07 2010 15:47:31: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
Oct 07 2010 15:47:31: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59790 duration 0:00:00 bytes 0 looping-address
I've already disable the signature 1102
pix# sh run | i audit
ip audit signature 1102 disable
pix#
but the drop continue ....
pix# sh log | i 17.12.18.24
Oct 07 2010 15:50:22: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
Oct 07 2010 15:50:22: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59891 duration 0:00:00 bytes 0 looping-address
Thanks
Roberto Taccon
10-07-2010 10:41 AM
Roberto,
Can you please attach a show tech and sniffer trace of this traffic? Is it only this one host reporting problem (source or destination).
Those can be cuased by misconfig ... or bugs ...
Marcin
10-07-2010 12:44 PM
Roberto,
The Land attack drops unfortunately cannot be blocked. The are in the basic L3 checks the firewall does and you can stop them.
But I don't see a reason why you would want to allow these packets.
PK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: