https://community.cisco.com/t5/network-security/log-message-in-asa/m-p/1691213#M535839 <HTML><HEAD></HEAD><BODY><P>The firewall seems to be under land attack, you need to identify the mac-address of the machine from where you are getting these messages, do this:</P><P></P><P>access-list cap permit ip host 0.1.0.4 any</P><P>access-list cap permit ip host 0.1.0.4 any</P><P>capture capin access-list cap interface inside</P><P></P><P>and the do "show capture capin" check if any packets are captured, if yes , do " show capture capin detail | in 0.1.0.4" , it will give you the mac-address, here is an example:</P><P></P><PRE>1: 11:16:29.858872 <STRONG>0015.c666.5870</STRONG> 0012.d949.06d9 0x0800 92: 192.168.0.1.137 &gt; 192.168.0.1.137:&nbsp; [udp sum ok] udp 50 [tos 0x60]&nbsp; (ttl 137, id 28616)<BR /><BR />and then you can check it by :<BR /><BR />sh arp | in <STRONG><STRONG>0015.c666.5870</STRONG></STRONG><BR /><BR />and check if this mac is in your network.<BR /><BR />hope this would help you.<BR /><BR />Thanks,<BR />Varun <BR /></PRE></BODY></HTML> Fri, 15 Jul 2011 17:13:07 GMT varrao 2011-07-15T17:13:07Z https://community.cisco.com/t5/network-security/log-message-in-asa/m-p/1691212#M535838 <P>Hey there,</P><P></P><P>I'm seeing a lot of these message in my 5520 ASA.</P><P>Any thoughts?</P><P></P><P>Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside </P> Mon, 11 Mar 2019 20:59:41 GMT https://community.cisco.com/t5/network-security/log-message-in-asa/m-p/1691212#M535838 Russell Pearson 2019-03-11T20:59:41Z https://community.cisco.com/t5/network-security/log-message-in-asa/m-p/1691213#M535839 <HTML><HEAD></HEAD><BODY><P>The firewall seems to be under land attack, you need to identify the mac-address of the machine from where you are getting these messages, do this:</P><P></P><P>access-list cap permit ip host 0.1.0.4 any</P><P>access-list cap permit ip host 0.1.0.4 any</P><P>capture capin access-list cap interface inside</P><P></P><P>and the do "show capture capin" check if any packets are captured, if yes , do " show capture capin detail | in 0.1.0.4" , it will give you the mac-address, here is an example:</P><P></P><PRE>1: 11:16:29.858872 <STRONG>0015.c666.5870</STRONG> 0012.d949.06d9 0x0800 92: 192.168.0.1.137 &gt; 192.168.0.1.137:&nbsp; [udp sum ok] udp 50 [tos 0x60]&nbsp; (ttl 137, id 28616)<BR /><BR />and then you can check it by :<BR /><BR />sh arp | in <STRONG><STRONG>0015.c666.5870</STRONG></STRONG><BR /><BR />and check if this mac is in your network.<BR /><BR />hope this would help you.<BR /><BR />Thanks,<BR />Varun <BR /></PRE></BODY></HTML> Fri, 15 Jul 2011 17:13:07 GMT https://community.cisco.com/t5/network-security/log-message-in-asa/m-p/1691213#M535839 varrao 2011-07-15T17:13:07Z