New Member

ASA 7.2.3 suddenly drops packets (Spoofing)

Hi Netpros,

We have an ASA running OS version 7.2.3.

All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).

106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outside

No changes were made beforehand and after the box was rebooted all was working again.

Anybody here seen this problem?

Thanks and best regards,

Jürgen

2 REPLIES
Bronze

Re: ASA 7.2.3 suddenly drops packets (Spoofing)

This can potentially be used to do a spoofing attack against the ASA5505. This behavior has been observed in versions 7.2.2 and 7.2.3 of the ASA firmware. You would have to gather packet captures on the inside and outside interfaces as well as of the asp drop.

New Member

Re: ASA 7.2.3 suddenly drops packets (Spoofing)

I don't really understand - is this a bug or a feature ?-)

No, seriously - does this mean that the ASA drops packets because it thinks it is under attack?

Or do you mean it's a bug which can be used as a DoS against the ASA?

If it's a feature - is it possible to turn it off?

If it's a bug - is there a bug ID?

So the best would be to use 7.0.7 again? I know it's the only GD...

regards,

juergen

BTW, what would I see if I do some troubleshooting, like looking at the asp drop table and capturing some packets?
