The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.
Recommended Action: If this message persists, an attack might be in progress. The packet does not provide enough information to determine where the attack originates.
%PIX|ASA-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name
An attack is in progress. Someone is attempting to spoof an IP address on an inbound connection. Unicast RPF, also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes that it is part of an attack on your security appliance.
This message appears when you have enabled Unicast RPF with the ip verify reverse-path command. This feature works on packets input to an interface. If it is configured on the outside, then the security appliance checks packets arriving from the outside.
The security appliance looks up a route based on the source address. If an entry is not found and a route is not defined, then this system log message appears and the connection is dropped.
If there is a route, the security appliance checks which interface it corresponds to. If the packet arrived on another interface, it is either a spoof or there is an asymmetric routing environment that has more than one path to a destination. The security appliance does not support asymmetric routing.
If Unicast RPF is configured on an internal interface, the security appliance checks static route command statements or RIP. If the source address is not found, then an internal user is spoofing their address.
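The reverse path decision described above, modelled as an added example; it is not Cisco's implementation. The route table, addresses, protocol value and function names are constructed for illustration.

```python
import ipaddress

# Constructed route table (prefix, interface); not taken from any real device.
ROUTES = [
    ("10.1.0.0/16", "inside"),
    ("10.1.50.0/24", "dmz"),
    ("0.0.0.0/0", "outside"),
]

def route_interface(routes, src):
    """Longest-prefix match on the source address; None if no route exists."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def reverse_path_check(routes, src, dst, arrival_iface, protocol="TCP"):
    """Return (permitted, reason, syslog_line) for one inbound packet."""
    iface = route_interface(routes, src)
    if iface == arrival_iface:
        return True, "route matches arrival interface", None
    if iface is None:
        reason = "no route to source"
    else:
        reason = f"route to source is via {iface}"  # spoof or asymmetric path
    line = (f"%ASA-1-106021: Deny {protocol} reverse path check from "
            f"{src} to {dst} on interface {arrival_iface}")
    return False, reason, line

if __name__ == "__main__":
    samples = [  # constructed packets: (source, destination, arrival interface)
        ("10.1.2.3", "198.51.100.10", "inside"),
        ("10.1.2.3", "198.51.100.10", "outside"),
        ("10.1.50.7", "198.51.100.10", "inside"),
        ("203.0.113.9", "10.1.2.3", "outside"),
    ]
    for src, dst, iface in samples:
        print(reverse_path_check(ROUTES, src, dst, iface))
```

The check cannot tell a spoofed source from a legitimate packet on an asymmetric path: both produce the same deny and the same 106021 line.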