
Deny IP due to Land Attack same My IP

Ivan Marinovic
Level 1

Hi,

I keep receiving log messages on an ASA 5545X like this:

2 Apr 06 2018 07:47:57   19.19.20.4   19.19.20.4   Deny IP due to Land Attack from 19.19.20.4 to 19.19.20.4

This is for the server IP which is 1-to-1 NAT:

10.1.4.4 -> 19.19.20.4

CONFIG:

object network 19.19.20.4-10.1.4.4
 nat (inside,outside) static 19.19.20.4 dns
 host 10.1.4.4

And the same happens with this log:

This is for local host/network 10.44.0.0 - IP which is 1-to-many NAT:

2 Apr 06 2018 07:48:23   19.19.20.244   19.19.20.244   Deny IP due to Land Attack from 19.19.20.244 to 19.19.20.244

CONFIG:

object network 19.19.20.244-10.44.0.0
 nat (inside,outside) dynamic 19.19.20.244
 subnet 10.44.0.0 255.255.0.0

Is something wrong with the NAT config?

Best regards,

Ivan

2 Replies

Bogdan Nita
VIP Alumni

Hi Ivan,

Land Attack simply means the packets have the same source IP and destination IP; in your case it seems to be 19.19.20.4 and 19.19.20.244.

Is it possible that 10.1.4.4 is sending packets to 19.19.20.4, or 10.44.0.0/24 to 19.19.20.244?

You can set up some captures to find out.

If yes, configure identity NAT for that specific destination.

HTH

Bogdan
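
The check suggested in the reply above, as an added example (not part of the thread and not Cisco code): it tallies Land Attack denies per address and matches each address against the mapped IP of the object NAT rules, which names the inside host or subnet to capture. The log and config text are constructed from the lines in the post; the function names and the `capture_src` field are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input, modelled on the log lines and NAT objects in the post.
SAMPLE_LOGS = """\
2 Apr 06 2018 07:47:57   19.19.20.4   19.19.20.4   Deny IP due to Land Attack from 19.19.20.4 to 19.19.20.4
2 Apr 06 2018 07:48:23   19.19.20.244   19.19.20.244   Deny IP due to Land Attack from 19.19.20.244 to 19.19.20.244
2 Apr 06 2018 07:48:40   19.19.20.4   19.19.20.4   Deny IP due to Land Attack from 19.19.20.4 to 19.19.20.4
"""
SAMPLE_CONFIG = """\
object network 19.19.20.4-10.1.4.4
 nat (inside,outside) static 19.19.20.4 dns
 host 10.1.4.4
object network 19.19.20.244-10.44.0.0
 nat (inside,outside) dynamic 19.19.20.244
 subnet 10.44.0.0 255.255.0.0
"""
LAND_RE = re.compile(r"Deny IP due to Land Attack from (\S+) to (\S+)")

def parse_nat_objects(config):
    """Return {mapped_ip: object} for object NAT; host/subnet and nat may be in any order."""
    objects, cur = {}, {}  # cur starts as a throwaway dict for lines outside any object
    for tok in (l.split() for l in config.splitlines() if l.strip()):
        if tok[:2] == ["object", "network"] and len(tok) == 3:
            cur = objects.setdefault(tok[2], {"object": tok[2]})
        elif tok[0] == "host" and len(tok) == 2:
            cur["real"] = ipaddress.ip_network(tok[1])
        elif tok[0] == "subnet" and len(tok) == 3:
            cur["real"] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "nat" and len(tok) >= 4 and tok[2] in ("static", "dynamic"):
            cur["type"], cur["mapped"] = tok[2], tok[3]
    return {o["mapped"]: o for o in objects.values() if "mapped" in o and "real" in o}

def summarize_land_denies(logs, config):
    """Count Land Attack denies per address; capture_src is the inside source to capture."""
    nat, counts = parse_nat_objects(config), Counter()
    for line in logs.splitlines():
        m = LAND_RE.search(line)
        if m and m.group(1) == m.group(2):
            counts[m.group(1)] += 1
    report = []
    for ip, n in counts.most_common():
        o = nat.get(ip) or {}  # empty: no object NAT maps to this address
        real = o.get("real")
        report.append({"ip": ip, "count": n, "nat_object": o.get("object"),
                       "nat_type": o.get("type"),
                       "capture_src": None if real is None else str(real)})
    return report
```

An address that comes back with `nat_object` set to `None` is not the mapped IP of any object NAT rule in the supplied config, so the self-addressed traffic has to be explained some other way.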

Maybe create a nonat rule for packets on the same private network?