https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204997#M877045 <HTML><HEAD></HEAD><BODY><P></P><P>This message appears when you have enabled Unicast RPF.</P><P></P><P>Even though an attack is in progress, if this feature is enabled, no</P><P>user action is required. The Cisco ASA repels the attack.</P><P></P><P>Syed</P></BODY></HTML> Fri, 30 Jan 2009 08:58:28 GMT Syed Iftekhar Ahmed 2009-01-30T08:58:28Z https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204996#M877044 <P>I came across this syslog message while troubleshooting an access issue and real-time log viewing. This syslog message looks serious, but how and what do you do?</P><P>Syslog ASA-2-106017 : Deny IP due to Land Attack from IP_address to IP_address.</P><P>The land attack lists the IP addresses to be my outside global address. That is the address I use for internet traffic!</P><P>Not sure how to treat this issue?</P><P>Thanks,</P> Mon, 11 Mar 2019 14:43:59 GMT https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204996#M877044 highmiles2 2019-03-11T14:43:59Z https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204997#M877045 <HTML><HEAD></HEAD><BODY><P></P><P>This message appears when you have enabled Unicast RPF.</P><P></P><P>Even though an attack is in progress, if this feature is enabled, no</P><P>user action is required. The Cisco ASA repels the attack.</P><P></P><P>Syed</P></BODY></HTML> Fri, 30 Jan 2009 08:58:28 GMT https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204997#M877045 Syed Iftekhar Ahmed 2009-01-30T08:58:28Z https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204998#M877047 <HTML><HEAD></HEAD><BODY><P>Hi Syed,</P><P></P><P>I did not enable Unicast RPF. </P><P>Is this feature enabled by default? </P><P>How does the ASA repel the attack? </P><P>Any recommended reading about this on Cisco?</P><P></P><P>Thanks,</P><P>Suhail</P></BODY></HTML> Fri, 30 Jan 2009 15:04:43 GMT https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204998#M877047 highmiles2 2009-01-30T15:04:43Z https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204999#M877049 <HTML><HEAD></HEAD><BODY><P></P><P>I have the same issue on my ASA just source and destination IP are 0.0.0.0 0.0.0.0</P><P></P><P></P><P>I posted this issue&nbsp;here and got reply from someone with the following explenation:</P><P></P><P></P><P>"Somebody has released a program, known as <STRONG>land.c</STRONG>, which can be used to launch denial of service attacks against various TCP implementations. The program sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination."</P><P></P><P></P><P>You can read about land.c on Cisco web:</P><P></P><P></P><P><A href="&lt;a class=" jive-link-custom="">http://www.cisco.com/en/US/products/products_security_advisory09186a00800b1693.shtml</A>"&gt;<A class="jive-link-custom" href="http://www.cisco.com/en/US/products/products_security_advisory09186a00800b1693.shtml" target="_blank">http://www.cisco.com/en/US/products/products_security_advisory09186a00800b1693.shtml</A></P><P></P><P></P><P>&nbsp;</P><P></P></BODY></HTML> Sat, 31 Jan 2009 02:51:11 GMT https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1204999#M877049 amarula115 2009-01-31T02:51:11Z https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1205000#M877052 <HTML><HEAD></HEAD><BODY><P>...i checked the advisory, and it is 12 years old.....that is way too old....</P></BODY></HTML> Mon, 09 Feb 2009 20:01:26 GMT https://community.cisco.com/t5/network-security/syslog-asa-2-106017-land-attack/m-p/1205000#M877052 highmiles2 2009-02-09T20:01:26Z